{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 2.993
      },
      {
        "name": "AnalysisInfo",
        "time": 0.04
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.527
      },
      {
        "name": "Debug",
        "time": 0.002
      },
      {
        "name": "NetworkAnalysis",
        "time": 2.737
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.001
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_objects",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "hardware_id_profiling",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "firefox_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "amsi_enumeration",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "suspicious_ntdll_disk_load",
        "time": 0.0
      },
      {
        "name": "direct_syscall_evasion",
        "time": 0.0
      },
      {
        "name": "unbacked_syscall_execution",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "privilege_elevation_check",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "query_fips_reconnaissance",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "debugs_self",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_self",
        "time": 0.0
      },
      {
        "name": "deletes_shadow_copies",
        "time": 0.0
      },
      {
        "name": "deletes_system_state_backup",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_mappeddrives_autodisconnect",
        "time": 0.0
      },
      {
        "name": "disables_spdy",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "dllload_suspicious_directory",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "install_kernel_driver_service",
        "time": 0.0
      },
      {
        "name": "malformed_dll_loading",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "registers_vectored_exception_handler",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_module_stomping_probing",
        "time": 0.0
      },
      {
        "name": "injection_needextension",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "section_mapping_injection",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "apc_injection",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_mutex",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_named_pipe",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_shared_memory",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "unbacked_exception_filter",
        "time": 0.0
      },
      {
        "name": "unbacked_process_mitigation_alteration",
        "time": 0.0
      },
      {
        "name": "thread_unbacked_memory",
        "time": 0.0
      },
      {
        "name": "unbacked_api_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_dotnet_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_library_load",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_apc_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_protection_alteration",
        "time": 0.0
      },
      {
        "name": "unbacked_mutex_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_process_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_veh_registration",
        "time": 0.0
      },
      {
        "name": "unbacked_com_instantiation",
        "time": 0.0
      },
      {
        "name": "unbacked_crypto_operations",
        "time": 0.0
      },
      {
        "name": "unbacked_delay_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_file_dropping",
        "time": 0.0
      },
      {
        "name": "unbacked_process_enumeration",
        "time": 0.0
      },
      {
        "name": "unbacked_registry_modification",
        "time": 0.0
      },
      {
        "name": "unbacked_service_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_token_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_wmi_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_bind_shell",
        "time": 0.0
      },
      {
        "name": "unbacked_dns_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_network_connection",
        "time": 0.0
      },
      {
        "name": "unbacked_named_pipe_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_useragent_retrieval",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "etherhiding_smart_contract_call",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "decompress_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "ransomware_iocp_asynchronous_encryption",
        "time": 0.0
      },
      {
        "name": "kernel_crypto_driver_abuse",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_extension_hijack",
        "time": 0.0
      },
      {
        "name": "mass_file_modification_access",
        "time": 0.0
      },
      {
        "name": "ransomware_attribute_stripping",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "mass_ransom_note_drop",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "removes_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_system_procname",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "byod_loldrivers_match",
        "time": 0.0
      },
      {
        "name": "byod_novel_driver",
        "time": 0.0
      },
      {
        "name": "byod_post_load_exploitation",
        "time": 0.0
      },
      {
        "name": "byod_driver_service_install",
        "time": 0.0
      },
      {
        "name": "com_spawned_process",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.0
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.003
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.0
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.001
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "pe_deep_entrypoint",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "pe_cert_invalid_signature",
        "time": 0.0
      },
      {
        "name": "pe_cert_self_signed",
        "time": 0.0
      },
      {
        "name": "pe_cert_suspicious_issuer",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "sigma_events",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "browser_credential_theft_headless",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.001
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.001
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.006
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.145
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.012
      },
      {
        "name": "antiav_detectreg",
        "time": 0.659
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.002
      },
      {
        "name": "antiemu_windefend",
        "time": 0.001
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.0
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.011
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.007
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.024
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.011
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.034
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.001
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.005
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.071
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.002
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.05
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.022
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.033
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.005
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.001
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "executes_headless_browser",
        "time": 0.0
      },
      {
        "name": "suspicious_browser_arguments",
        "time": 0.001
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.011
      },
      {
        "name": "checks_uac_status",
        "time": 0.002
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.0
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.001
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.001
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.002
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.001
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "folder_enumeration",
        "time": 0.002
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.002
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.0
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.006
      },
      {
        "name": "infostealer_ftp",
        "time": 0.223
      },
      {
        "name": "infostealer_im",
        "time": 0.127
      },
      {
        "name": "infostealer_mail",
        "time": 0.035
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.021
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.001
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.001
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.001
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.005
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.004
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.001
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.002
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.009
      },
      {
        "name": "ransomware_files",
        "time": 0.022
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.001
      },
      {
        "name": "recon_fingerprint",
        "time": 0.005
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.001
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.001
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.001
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.211
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.002
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.002
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "vs_Community_1_.exe",
      "path": "/opt/CAPEv2/storage/binaries/79c9902767596462a437e153fb1403bdfeb9b2d4ddc2f569a130649254eb27c6",
      "guest_paths": "",
      "size": 4462512,
      "crc32": "F30D72B9",
      "md5": "4ac02923d47a5c559e04312c22708174",
      "sha1": "0d1771aa398877d80f554f2c352c621205141dcd",
      "sha256": "79c9902767596462a437e153fb1403bdfeb9b2d4ddc2f569a130649254eb27c6",
      "sha512": "e27480067816976cfaddc92094e324da3fcd34bb28e6a6dc5258d853364bbd19da0fd6f34b1d1c1ba6bffd0b3a529c2dd762c54e3e611fe3fb010f4a963fe5f8",
      "rh_hash": null,
      "ssdeep": "98304:IEIOawEveQQgZP2A+3CWGLAllEITi9cRZPPhYPB2vyoMEmLwJ:jqv4S/kCWGOlEI29cXnhYsqCoK",
      "type": "PE32 executable (GUI) Intel 80386, for MS Windows",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T13226235238C8507FDD2F1635075FE6B219BAAAE07B84489F5F403A2C4D3568248B9FDB",
      "sha3_384": "21196cb44abde9e0c4a9ea2907ad23e1774c350b0d9d5908487b4e627ea738c3f2671945a161449e8ff2078087191ec2",
      "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
      "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "File not found: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\60\\vs_Community_1_.exe",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x0001e090",
        "ep_bytes": "e8d1040000e978feffff558bec8b4508",
        "peid_signatures": null,
        "reported_checksum": "0x0044fd7a",
        "actual_checksum": "0x0044fd7a",
        "osversion": "5.1",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": "D:\\a\\_work\\1\\s\\bin\\BoxStub\\Release\\Win32\\boxstub.pdb",
        "imports": {
          "ole32": {
            "dll": "ole32.dll",
            "imports": [
              {
                "address": "0x43b28c",
                "name": "CoInitializeEx"
              }
            ]
          },
          "COMCTL32": {
            "dll": "COMCTL32.dll",
            "imports": []
          },
          "RPCRT4": {
            "dll": "RPCRT4.dll",
            "imports": [
              {
                "address": "0x43b224",
                "name": "RpcStringFreeW"
              },
              {
                "address": "0x43b228",
                "name": "UuidToStringW"
              },
              {
                "address": "0x43b22c",
                "name": "UuidCreate"
              }
            ]
          },
          "SHELL32": {
            "dll": "SHELL32.dll",
            "imports": [
              {
                "address": "0x43b234",
                "name": "CommandLineToArgvW"
              },
              {
                "address": "0x43b238",
                "name": "SHBrowseForFolderW"
              },
              {
                "address": "0x43b23c",
                "name": "SHGetPathFromIDListW"
              },
              {
                "address": "0x43b240",
                "name": "ShellExecuteExW"
              }
            ]
          },
          "SHLWAPI": {
            "dll": "SHLWAPI.dll",
            "imports": [
              {
                "address": "0x43b248",
                "name": "PathRemoveExtensionW"
              }
            ]
          },
          "USER32": {
            "dll": "USER32.dll",
            "imports": [
              {
                "address": "0x43b250",
                "name": "PostQuitMessage"
              },
              {
                "address": "0x43b254",
                "name": "SetWindowTextW"
              },
              {
                "address": "0x43b258",
                "name": "GetDlgItem"
              },
              {
                "address": "0x43b25c",
                "name": "DialogBoxParamW"
              },
              {
                "address": "0x43b260",
                "name": "GetWindowLongW"
              },
              {
                "address": "0x43b264",
                "name": "SendMessageW"
              },
              {
                "address": "0x43b268",
                "name": "GetWindow"
              },
              {
                "address": "0x43b26c",
                "name": "GetWindowThreadProcessId"
              },
              {
                "address": "0x43b270",
                "name": "GetTopWindow"
              },
              {
                "address": "0x43b274",
                "name": "MessageBoxW"
              },
              {
                "address": "0x43b278",
                "name": "SetWindowLongW"
              },
              {
                "address": "0x43b27c",
                "name": "PostMessageW"
              },
              {
                "address": "0x43b280",
                "name": "LoadStringW"
              },
              {
                "address": "0x43b284",
                "name": "EndDialog"
              }
            ]
          },
          "ADVAPI32": {
            "dll": "ADVAPI32.dll",
            "imports": [
              {
                "address": "0x43b000",
                "name": "RegQueryValueExW"
              },
              {
                "address": "0x43b004",
                "name": "RegOpenKeyExW"
              },
              {
                "address": "0x43b008",
                "name": "DecryptFileW"
              },
              {
                "address": "0x43b00c",
                "name": "CryptReleaseContext"
              },
              {
                "address": "0x43b010",
                "name": "CryptGenRandom"
              },
              {
                "address": "0x43b014",
                "name": "CryptAcquireContextW"
              },
              {
                "address": "0x43b018",
                "name": "RegCloseKey"
              }
            ]
          },
          "KERNEL32": {
            "dll": "KERNEL32.dll",
            "imports": [
              {
                "address": "0x43b028",
                "name": "GetSystemInfo"
              },
              {
                "address": "0x43b02c",
                "name": "FileTimeToSystemTime"
              },
              {
                "address": "0x43b030",
                "name": "VirtualProtect"
              },
              {
                "address": "0x43b034",
                "name": "FileTimeToLocalFileTime"
              },
              {
                "address": "0x43b038",
                "name": "MoveFileExW"
              },
              {
                "address": "0x43b03c",
                "name": "CreateEventA"
              },
              {
                "address": "0x43b040",
                "name": "GlobalAlloc"
              },
              {
                "address": "0x43b044",
                "name": "SetCurrentDirectoryW"
              },
              {
                "address": "0x43b048",
                "name": "GetCurrentDirectoryW"
              },
              {
                "address": "0x43b04c",
                "name": "RemoveDirectoryW"
              },
              {
                "address": "0x43b050",
                "name": "GetFileAttributesW"
              },
              {
                "address": "0x43b054",
                "name": "DeleteFileW"
              },
              {
                "address": "0x43b058",
                "name": "VirtualQuery"
              },
              {
                "address": "0x43b05c",
                "name": "LoadLibraryExA"
              },
              {
                "address": "0x43b060",
                "name": "ExitThread"
              },
              {
                "address": "0x43b064",
                "name": "GlobalFree"
              },
              {
                "address": "0x43b068",
                "name": "WaitForMultipleObjects"
              },
              {
                "address": "0x43b06c",
                "name": "FileTimeToDosDateTime"
              },
              {
                "address": "0x43b070",
                "name": "TlsSetValue"
              },
              {
                "address": "0x43b074",
                "name": "GetModuleHandleW"
              },
              {
                "address": "0x43b078",
                "name": "GetTickCount"
              },
              {
                "address": "0x43b07c",
                "name": "SetEnvironmentVariableW"
              },
              {
                "address": "0x43b080",
                "name": "GetLastError"
              },
              {
                "address": "0x43b084",
                "name": "ExpandEnvironmentStringsW"
              },
              {
                "address": "0x43b088",
                "name": "Sleep"
              },
              {
                "address": "0x43b08c",
                "name": "GetProcessId"
              },
              {
                "address": "0x43b090",
                "name": "WaitForSingleObject"
              },
              {
                "address": "0x43b094",
                "name": "GetExitCodeProcess"
              },
              {
                "address": "0x43b098",
                "name": "CloseHandle"
              },
              {
                "address": "0x43b09c",
                "name": "SetFileAttributesW"
              },
              {
                "address": "0x43b0a0",
                "name": "InitializeCriticalSection"
              },
              {
                "address": "0x43b0a4",
                "name": "CreateEventW"
              },
              {
                "address": "0x43b0a8",
                "name": "CreateThread"
              },
              {
                "address": "0x43b0ac",
                "name": "DeleteCriticalSection"
              },
              {
                "address": "0x43b0b0",
                "name": "EnterCriticalSection"
              },
              {
                "address": "0x43b0b4",
                "name": "LeaveCriticalSection"
              },
              {
                "address": "0x43b0b8",
                "name": "SetEvent"
              },
              {
                "address": "0x43b0bc",
                "name": "GetCommandLineW"
              },
              {
                "address": "0x43b0c0",
                "name": "lstrlenW"
              },
              {
                "address": "0x43b0c4",
                "name": "CompareStringW"
              },
              {
                "address": "0x43b0c8",
                "name": "LocalFree"
              },
              {
                "address": "0x43b0cc",
                "name": "CreateDirectoryW"
              },
              {
                "address": "0x43b0d0",
                "name": "LoadLibraryW"
              },
              {
                "address": "0x43b0d4",
                "name": "GetProcAddress"
              },
              {
                "address": "0x43b0d8",
                "name": "GetSystemDirectoryW"
              },
              {
                "address": "0x43b0dc",
                "name": "SetDefaultDllDirectories"
              },
              {
                "address": "0x43b0e0",
                "name": "FreeLibrary"
              },
              {
                "address": "0x43b0e4",
                "name": "SystemTimeToTzSpecificLocalTime"
              },
              {
                "address": "0x43b0e8",
                "name": "GetSystemTime"
              },
              {
                "address": "0x43b0ec",
                "name": "GetTimeZoneInformation"
              },
              {
                "address": "0x43b0f0",
                "name": "FormatMessageW"
              },
              {
                "address": "0x43b0f4",
                "name": "GetTempPathW"
              },
              {
                "address": "0x43b0f8",
                "name": "lstrlenA"
              },
              {
                "address": "0x43b0fc",
                "name": "InitializeCriticalSectionAndSpinCount"
              },
              {
                "address": "0x43b100",
                "name": "ResetEvent"
              },
              {
                "address": "0x43b104",
                "name": "WaitForSingleObjectEx"
              },
              {
                "address": "0x43b108",
                "name": "UnhandledExceptionFilter"
              },
              {
                "address": "0x43b10c",
                "name": "SetUnhandledExceptionFilter"
              },
              {
                "address": "0x43b110",
                "name": "GetCurrentProcess"
              },
              {
                "address": "0x43b114",
                "name": "TerminateProcess"
              },
              {
                "address": "0x43b118",
                "name": "IsProcessorFeaturePresent"
              },
              {
                "address": "0x43b11c",
                "name": "IsDebuggerPresent"
              },
              {
                "address": "0x43b120",
                "name": "GetStartupInfoW"
              },
              {
                "address": "0x43b124",
                "name": "QueryPerformanceCounter"
              },
              {
                "address": "0x43b128",
                "name": "GetCurrentProcessId"
              },
              {
                "address": "0x43b12c",
                "name": "GetCurrentThreadId"
              },
              {
                "address": "0x43b130",
                "name": "GetSystemTimeAsFileTime"
              },
              {
                "address": "0x43b134",
                "name": "InitializeSListHead"
              },
              {
                "address": "0x43b138",
                "name": "RtlUnwind"
              },
              {
                "address": "0x43b13c",
                "name": "SetLastError"
              },
              {
                "address": "0x43b140",
                "name": "EncodePointer"
              },
              {
                "address": "0x43b144",
                "name": "TlsAlloc"
              },
              {
                "address": "0x43b148",
                "name": "TlsGetValue"
              },
              {
                "address": "0x43b14c",
                "name": "FreeLibraryAndExitThread"
              },
              {
                "address": "0x43b150",
                "name": "TlsFree"
              },
              {
                "address": "0x43b154",
                "name": "LoadLibraryExW"
              },
              {
                "address": "0x43b158",
                "name": "RaiseException"
              },
              {
                "address": "0x43b15c",
                "name": "GetStdHandle"
              },
              {
                "address": "0x43b160",
                "name": "WriteFile"
              },
              {
                "address": "0x43b164",
                "name": "GetModuleFileNameW"
              },
              {
                "address": "0x43b168",
                "name": "ExitProcess"
              },
              {
                "address": "0x43b16c",
                "name": "GetModuleHandleExW"
              },
              {
                "address": "0x43b170",
                "name": "HeapFree"
              },
              {
                "address": "0x43b174",
                "name": "HeapAlloc"
              },
              {
                "address": "0x43b178",
                "name": "GetFileType"
              },
              {
                "address": "0x43b17c",
                "name": "LCMapStringW"
              },
              {
                "address": "0x43b180",
                "name": "FindClose"
              },
              {
                "address": "0x43b184",
                "name": "FindFirstFileExW"
              },
              {
                "address": "0x43b188",
                "name": "FindNextFileW"
              },
              {
                "address": "0x43b18c",
                "name": "IsValidCodePage"
              },
              {
                "address": "0x43b190",
                "name": "GetACP"
              },
              {
                "address": "0x43b194",
                "name": "GetOEMCP"
              },
              {
                "address": "0x43b198",
                "name": "GetCPInfo"
              },
              {
                "address": "0x43b19c",
                "name": "GetCommandLineA"
              },
              {
                "address": "0x43b1a0",
                "name": "MultiByteToWideChar"
              },
              {
                "address": "0x43b1a4",
                "name": "WideCharToMultiByte"
              },
              {
                "address": "0x43b1a8",
                "name": "GetEnvironmentStringsW"
              },
              {
                "address": "0x43b1ac",
                "name": "FreeEnvironmentStringsW"
              },
              {
                "address": "0x43b1b0",
                "name": "SetStdHandle"
              },
              {
                "address": "0x43b1b4",
                "name": "GetStringTypeW"
              },
              {
                "address": "0x43b1b8",
                "name": "GetProcessHeap"
              },
              {
                "address": "0x43b1bc",
                "name": "GetFileSizeEx"
              },
              {
                "address": "0x43b1c0",
                "name": "SetFilePointerEx"
              },
              {
                "address": "0x43b1c4",
                "name": "FlushFileBuffers"
              },
              {
                "address": "0x43b1c8",
                "name": "GetConsoleOutputCP"
              },
              {
                "address": "0x43b1cc",
                "name": "GetConsoleMode"
              },
              {
                "address": "0x43b1d0",
                "name": "HeapSize"
              },
              {
                "address": "0x43b1d4",
                "name": "HeapReAlloc"
              },
              {
                "address": "0x43b1d8",
                "name": "ReadFile"
              },
              {
                "address": "0x43b1dc",
                "name": "DecodePointer"
              },
              {
                "address": "0x43b1e0",
                "name": "CreateFileW"
              },
              {
                "address": "0x43b1e4",
                "name": "WriteConsoleW"
              },
              {
                "address": "0x43b1e8",
                "name": "DuplicateHandle"
              },
              {
                "address": "0x43b1ec",
                "name": "FindFirstFileW"
              },
              {
                "address": "0x43b1f0",
                "name": "SetEndOfFile"
              },
              {
                "address": "0x43b1f4",
                "name": "SetFilePointer"
              },
              {
                "address": "0x43b1f8",
                "name": "DosDateTimeToFileTime"
              },
              {
                "address": "0x43b1fc",
                "name": "LocalFileTimeToFileTime"
              },
              {
                "address": "0x43b200",
                "name": "SetFileTime"
              },
              {
                "address": "0x43b204",
                "name": "CreateFileA"
              },
              {
                "address": "0x43b208",
                "name": "GetVersionExW"
              },
              {
                "address": "0x43b20c",
                "name": "GetLocalTime"
              },
              {
                "address": "0x43b210",
                "name": "GetComputerNameW"
              }
            ]
          },
          "OLEAUT32": {
            "dll": "OLEAUT32.dll",
            "imports": [
              {
                "address": "0x43b218",
                "name": "SysAllocString"
              },
              {
                "address": "0x43b21c",
                "name": "VariantClear"
              }
            ]
          }
        },
        "exported_dll_name": "boxstub.exe",
        "exports": [
          {
            "address": "0x43e000",
            "name": "?dwPlaceholder@@3PAEA",
            "ordinal": 1
          }
        ],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00038e50",
            "size": "0x00000054"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0003b298",
            "size": "0x000000c8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x0003f000",
            "size": "0x0002bf88"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x0043f058",
            "size": "0x00002758"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x0006b000",
            "size": "0x00002710"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00008980",
            "size": "0x00000054"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x000089d4",
            "size": "0x00000018"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00006c18",
            "size": "0x00000040"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x0003b000",
            "size": "0x00000294"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00038cc0",
            "size": "0x00000060"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00001000",
            "virtual_size": "0x00037ea4",
            "size_of_data": "0x00038000",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "6.56"
          },
          {
            "name": ".data",
            "raw_address": "0x00038400",
            "virtual_address": "0x00039000",
            "virtual_size": "0x00001e80",
            "size_of_data": "0x00000e00",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "2.50"
          },
          {
            "name": ".idata",
            "raw_address": "0x00039200",
            "virtual_address": "0x0003b000",
            "virtual_size": "0x0000117e",
            "size_of_data": "0x00001200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "5.45"
          },
          {
            "name": ".didat",
            "raw_address": "0x0003a400",
            "virtual_address": "0x0003d000",
            "virtual_size": "0x0000002c",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.45"
          },
          {
            "name": ".boxld01",
            "raw_address": "0x0003a600",
            "virtual_address": "0x0003e000",
            "virtual_size": "0x000000b8",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "1.67"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x0003a800",
            "virtual_address": "0x0003f000",
            "virtual_size": "0x0002bf88",
            "size_of_data": "0x0002c000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "5.65"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00066800",
            "virtual_address": "0x0006b000",
            "virtual_size": "0x00002710",
            "size_of_data": "0x00002800",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "6.59"
          }
        ],
        "overlay": {
          "offset": "0x00069000",
          "size": "0x003d87b0"
        },
        "resources": [
          {
            "name": "RT_ICON",
            "offset": "0x0003f460",
            "size": "0x000074cb",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "7.98"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0004692c",
            "size": "0x000094a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.63"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0004fdd4",
            "size": "0x000067e8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.74"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000565bc",
            "size": "0x00005488",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.73"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005ba44",
            "size": "0x00004228",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.78"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005fc6c",
            "size": "0x00003a48",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.81"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000636b4",
            "size": "0x000025a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.86"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00065c5c",
            "size": "0x00001a68",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "4.99"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000676c4",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.12"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0006876c",
            "size": "0x00000988",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.16"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000690f4",
            "size": "0x000006b8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.39"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000697ac",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.56"
          },
          {
            "name": "RT_DIALOG",
            "offset": "0x00069c14",
            "size": "0x0000011c",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.15"
          },
          {
            "name": "RT_DIALOG",
            "offset": "0x00069d30",
            "size": "0x00000170",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.34"
          },
          {
            "name": "RT_STRING",
            "offset": "0x00069ea0",
            "size": "0x00000582",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.12"
          },
          {
            "name": "RT_STRING",
            "offset": "0x0006a424",
            "size": "0x00000228",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.25"
          },
          {
            "name": "RT_STRING",
            "offset": "0x0006a64c",
            "size": "0x0000004e",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.09"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x0006a69c",
            "size": "0x000000ae",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.21"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x0006a74c",
            "size": "0x0000037c",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.47"
          },
          {
            "name": "RT_MANIFEST",
            "offset": "0x0006aac8",
            "size": "0x000004c0",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.32"
          }
        ],
        "versioninfo": [
          {
            "name": "CompanyName",
            "value": "Microsoft Corporation"
          },
          {
            "name": "FileDescription",
            "value": "Visual Studio Installer"
          },
          {
            "name": "FileVersion",
            "value": "17.14.37411.7"
          },
          {
            "name": "InternalName",
            "value": "vs_community.exe"
          },
          {
            "name": "OriginalFilename",
            "value": "vs_community.exe"
          },
          {
            "name": "ProductName",
            "value": "Microsoft Visual Studio Community"
          },
          {
            "name": "ProductVersion",
            "value": "Visual Studio 2022"
          },
          {
            "name": "LegalCopyright",
            "value": "© Microsoft Corporation. All rights reserved."
          },
          {
            "name": "Translation",
            "value": "0x0409 0x04b0"
          }
        ],
        "imphash": "f110885d852ff89401e593e1d379b595",
        "timestamp": "2025-08-18 22:03:19",
        "icon": "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",
        "icon_hash": "12fccd1569c48b3c20f1cc8e2aa5364d",
        "icon_fuzzy": "8ce33891e72d2565c69bf1ee11946278",
        "icon_dhash": "c8860cb919c6c6c0",
        "imported_dll_count": 9
      },
      "data": null,
      "strings": [
        "9Hahd",
        "4K?eCM(UM",
        "\\4Vybw",
        "Fo*zC",
        "rj5Hb",
        "BT51{",
        "`CNbZ",
        "\"F;())",
        "X1CW)",
        "Q!f<6",
        "3@L$$",
        "q=3sf",
        "V)6=I",
        "sms-fi",
        "kL!t:",
        "kV8bw&",
        "Z1pf4",
        "$1\\0#",
        "$r]`Q",
        "|`S4V",
        "ja7+nl2$",
        "uoKZQ",
        "seyf6",
        "YQWL1",
        "*e,Qw",
        "6mVb!",
        "QO(r,",
        "E=u;y",
        ".F?5+5",
        "ltX$F",
        "Sk$q[Rv",
        ".?AVbad_array_new_length@std@@",
        ">L5k&",
        "bT)Hmo",
        "jN5+4}X",
        ":1:_:",
        "_-xG3",
        "4WZ%9",
        "e<\"')",
        "#0LVtg\\",
        "J89J$s",
        "p:yGA",
        "Au~2Th",
        "z14.V",
        "OsfE9",
        "es-VE",
        "->mx@",
        "}WB%`)_",
        "de-DE",
        "MF28z",
        "9@ni>|",
        "OWHW`+",
        "K$?N`",
        "%H3|<!#?",
        "TyE((",
        "GetSystemInfo",
        "ib+z8",
        "vupB[)Dv",
        "o@ltX",
        "F.))`",
        "fR|k&U",
        "\"}.D&",
        "4SExD",
        "l[`-r/",
        "}/rHl",
        "5y*:O|",
        "##2Of",
        "y_Il6d-",
        "n(Y3P",
        "$H{'e",
        "uo+<3",
        "{D_Ik",
        "}Jvmh",
        "AqiZC",
        "p.R#7",
        "/n<g\"",
        "#&fKU",
        "F*92v",
        "]5Sxj",
        "D9~?w9)",
        "Yf~n+",
        "/\"`jn",
        "g,~_K6",
        "FO;W\\YM",
        "bc e$",
        "|%ST`/!",
        "S&6N:",
        ":0M@>",
        "9d*hN",
        "3BD'o",
        "s[jU*Q",
        "6\">|/",
        "?p=Uj7=",
        "jM1>FM",
        "_X@Br",
        "`%2U|b",
        "1Q~^f",
        "NMS\\aMO",
        "eQN4N",
        "3lJ[B",
        "r.qNbM",
        "ar-BH",
        "(}5Eqi",
        ";zw5g",
        "R_D\\/",
        "A:KwrJ",
        "23/'0",
        "y\"}j9",
        "~p_6G",
        " ,!U)",
        "?+*2J",
        "^EiPL",
        "P+!?U>",
        "+m<oF",
        "@:XKo",
        "1i*4~K",
        "L3==l",
        "MM/dd/yy",
        "y Nc=",
        "`Tk#e",
        "?(DE7:D",
        "@LMXu",
        "^CU5r=A",
        "\"723u",
        "^W,=up",
        "$'dmr",
        ":bQ>E",
        ",Df}1",
        "f\"!'f*",
        "C~]t5[",
        "D|!/c",
        "oEM:nP01",
        "s$.*u",
        "Executing extracted package: '%S' with commandline '%S'",
        ".jULv",
        "r iS,",
        "g' WR",
        "h>OEb",
        "N0L0J",
        "yUd8p",
        "39C=I`5_",
        "u#3bI",
        "Ej_'S",
        "oD\"TX",
        "qIjPJ",
        "dS:(Fl",
        "1K2Q2V2]2m2",
        "*3rM4O",
        "m6MX8",
        "aKXjj",
        "Dot7I",
        "[qIVx",
        "k9+Vz",
        "xJqBr",
        "!n:)w",
        "GetDlgItem",
        "0$0,040<0D0P0p0|0",
        "MP}M.",
        "[]+?8",
        "b6[tt",
        "*|FqI",
        "b;Oc*M",
        "$f`(<",
        "7<R9K",
        "DyIqn",
        "WRaP#",
        "VA+STN",
        "TNQJS)W",
        "v\\uFsi",
        "t1b@D",
        ".1P~)g",
        "\\i`-,",
        "4gEK8",
        "c>=tq,",
        "G5?>!",
        "0,<L*^)",
        "3N3k3",
        "Rt_>7",
        "I:Z!)",
        "#wT{t",
        "{YWToJ",
        "|IHCc",
        "\\J=B#=",
        "myD;M",
        "/q;#:",
        "%*aX>",
        "A0.0 ",
        "nC+{Q",
        "(0|!@uA",
        "el-GR",
        "6kQgso",
        "6<l*wv",
        "#IZa\\",
        "7J.{*U8C",
        "p1nh#",
        "inUx'",
        "/H^4A",
        "NnAD<",
        "jcpQE",
        "C7#y\\",
        "$RY))",
        "b056w",
        "(Ibi4",
        "}!G9&MmR",
        "d|1}+",
        "y*<R ",
        "4RFVX",
        "0[n}cEO",
        "C3kEn",
        "kL7]?",
        "=FDMl",
        "cW?q]9",
        "(|S=/",
        "f?F>y",
        "4mS6x",
        "U-\"//",
        ">#EIj",
        "9tP`IY",
        "9`B1C",
        "\\)OnH",
        "5{MG:",
        "t)ph.",
        "~ sA/h",
        "g_hXJr_",
        "4'RrP",
        "dAP,)",
        "\\.f4$",
        "-\\o})",
        "FzFUI",
        "xupRVF!$0",
        "<j>ISD<9i8",
        "B[;V7\"E",
        "k^]F8 ",
        "en-CA",
        "YFEch",
        "Jvs[d",
        " U;A7",
        "4*5/545O5\\5e5j5o5",
        "+GWl!",
        "\\y&xr",
        "i7d&a9",
        "u3,'6",
        "KAZ|G3",
        "9=B@y",
        "r{b\"rp",
        "6}$Q2",
        ";-CO-",
        "/ghPsf",
        "\"5ZB++X6",
        "?@x;e",
        "cncLBN",
        "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\"><assemblyIdentity name=\"BoxStub\" version=\"1.0.0.0\" processorArchitecture=\"x86\" type=\"win32\"></assemblyIdentity><description>Box Stub</description><dependency><dependentAssembly><assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"X86\" publicKeyToken=\"6595b64144ccf1df\" language=\"*\"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\"><security><requestedPrivileges><requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns=\"urn:schemas-microsoft-com:compatibility.v1\"><application><supportedOS Id=\"{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}\"></supportedOS><supportedOS Id=\"{1f676c76-80e1-4239-95bb-83d0f6d0da78}\"></supportedOS><supportedOS Id=\"{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}\"></supportedOS><supportedOS Id=\"{35138b9a-5d96-4fbd-8e2d-a2440225f93a}\"></supportedOS><supportedOS Id=\"{e2011457-1546-43c5-a5fe-008deee3d3f0}\"></supportedOS></application></compatibility></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX",
        "'Ka8\\",
        "$xn<NG",
        "&&/7+",
        "Dnp+y~",
        ".?AVbad_alloc@std@@",
        "263t3",
        "wavU!",
        "{0v~i",
        "Kq>)~Yw",
        "3s,D#",
        "JeN6\\9",
        "D7hjX",
        "@Fe2:",
        "FyQ{2@",
        "h6YZN",
        "9J+~e",
        "M@ %$",
        "5hc'^",
        "]G>3F",
        "se-se",
        "<Z%ukL",
        ".CRT$XPZ",
        "nn!>a7",
        "`]gQE",
        "NExG0",
        "_18=h",
        "`XN9pf",
        "Oj6#!",
        "w.OA?@",
        "739<T",
        "1kAK@",
        "ft&9q",
        ".+R?j",
        "JhMR]O",
        "Oz!f{",
        "DRe8#7@:n",
        "e&E`N",
        "`t^x:GHkaf",
        "{S'ch5",
        "D9o#5",
        "f o//",
        "Vky8$",
        "k@&+i",
        "/PLh>t",
        "{Ebf[",
        "Anz':",
        "api-ms-win-core-file-l1-2-2",
        "N~PQu",
        "m=4$%q",
        "[#4.|",
        "<<{4?",
        "Op14/",
        "TlsFree",
        "n7(J%",
        ";~hfwE",
        "5?\\i^AH",
        "^O_M6w#",
        "Xp18I",
        "?4)i0/h",
        "]6^(0",
        "on3&V",
        "C_#=9",
        "?yUaV",
        "d1uH[F",
        "}t5JS%",
        "z%u[:",
        "ZHt!{",
        "A)#?r=#",
        "q5/]>",
        "AnJ62V",
        "/X6C1",
        "!QyI^\\",
        "IRK9U",
        "MA-zP",
        ")z_tj=oL",
        "Mc%p=F=",
        "2f{8f",
        "7LPGd",
        "LU.P1V",
        "D6g,-",
        "Ov -N",
        ";q)&6",
        "-+y8x",
        "'h<hW",
        ";{P5'",
        "!#1~4|+",
        "SVG1e",
        "pT~\\4",
        "0&:A$y",
        "=^)f3",
        "C#JZowo_",
        "{3o2#",
        ",:*t7G",
        ":`jn>R:",
        " a!/kc",
        "KDQN)",
        "lfU%C",
        "?U`QR",
        "?-UI3%<",
        "hjA1f",
        "oNC\"7",
        "k5kP-[g",
        "vk,MUDq",
        "-[{{7",
        "/;wf+",
        "?z!QoP",
        "Wd\\A`L",
        "m\\\\][q",
        "7RZ%`u",
        "{nc7\"",
        "JV^~CX",
        "_/#\"Y",
        "Ns[Yr",
        "[2~8mKp[",
        "(YaKetm",
        "0|OyJ",
        "=X*Bh",
        "y5g_&];",
        "uTY;^",
        "^^r0m",
        ";^a0k",
        "5ZF#9!",
        "pF_0,",
        "YRIlLb",
        " luZjv",
        "`3V{g",
        "Y5}`w",
        ";0=N?R?V?Z?^?b?f?j?",
        "_:4-$",
        "65btx",
        "j:.4T",
        "{E}J[",
        "~#-wU?",
        "+a'MFx",
        "DDzc|_;H",
        "!y<x#",
        "sr-BA-Latn",
        "df(>B",
        "BJM}5.",
        "n !T'$",
        "w0scj",
        "82Prw-",
        "K\\WHH[",
        "H)5E(",
        "1ec^3:",
        "a7$&n",
        "@ANVy",
        "v3*8>",
        "p<::>k",
        "0/[;F",
        "#Gg3I",
        "P9HlZ",
        "ZDGp(",
        "l[ !9G*T",
        "of~3M",
        "t[BHJ6",
        "}B/BRM",
        "Px+O+",
        ">r2eVZ",
        "5TX&Y",
        "Wbr2OV9",
        "S|)Mo",
        "edzEu",
        "Kk'sl",
        "%jO[fN",
        "40=vCk^",
        "9ZgSy",
        "div-MV",
        "\"*b3=N",
        "TfSt-",
        "5m:q_C",
        "s!?4o",
        "K[c:/.",
        "v)_Ib",
        "%sX?f",
        "I6J</s;l",
        "*N*oSp",
        "aNWe2",
        ".5**!",
        "@f9+Yi",
        "2CCTN)[A",
        "ah\",e3W",
        "Ai0\"|i#",
        "vuv4g",
        "F$>9a#",
        "%e TrWo%",
        "$FI-X",
        "782o%",
        "4+x,1",
        "t;`|I",
        "o!7dp",
        "8r jje",
        "AgLpk4",
        "9cG9M",
        "4AU#8",
        ":u*)y",
        "q%!\"n",
        "g+(Eg4",
        "lc1|W5",
        "o[n:\"B",
        "*8y,+b;",
        "n!c+6",
        ">$?,?T?l?t?|?",
        "\"c\\KL",
        "|wchf",
        "=N)ZI",
        "jAF}&",
        "v``zS",
        "Sz){m",
        "[-&Wi3",
        "#p~jY",
        "E4Oh,uc",
        "?c%X*",
        "\"9 )Z",
        "9PzP,",
        "lB-+>",
        "PZyL ",
        "v.'`3",
        "\\>-grL7(O",
        "kC2x.",
        "P~RZWw",
        ">!>+>8>B>R>",
        "V8`vWIz",
        "%)iK#>",
        ":k4K.",
        "4-585w5",
        "]H.3)=x",
        "*@9j@",
        "R^CP:#1y",
        "8^:=x,",
        "T#-#VG",
        "ar-ly",
        "h^Utg",
        "sm%g)",
        "ZHv&v",
        "HI+N|",
        "s0DKu",
        "S1WH>",
        "u4NY8",
        "`dynamic atexit destructor for '",
        "Y?y*wW}",
        "<m%t>",
        "1R|\\^o",
        "es-NI",
        "UruLz",
        "F,W!j",
        "bMqds",
        "-<gp6",
        "A[W8p]",
        "t80WG",
        ">yTxo",
        "C:reX-",
        "Se9)|C",
        "Nd|Hg",
        ":2lx@c",
        "`D?QE",
        "NhVKk",
        ";msHZ",
        "V9ynr_]",
        "(<Bp^",
        "?;uNw",
        "`0Dp9",
        "a3mw[x",
        "v,eX]",
        "R>NF8",
        "sqxAi",
        "9e6z,",
        "#R)s~",
        "w@+d9",
        "<dP]d",
        "a'\\G[T",
        "usLz.",
        "L8m-/Yk",
        "h[Nx|",
        "$,yUl",
        "4CuR\"",
        "Zstsvv",
        "#>q3dP",
        "7-6)?",
        "/(;Ps",
        "<hB\"5>",
        "Byvw1=",
        "`5<D1",
        "i>$R'",
        "i`3yd",
        "a0A.|.^",
        "i\"F1^",
        "jO-CO",
        "&_`uE",
        "w\\tT+",
        "|e}BZa",
        "*oQ;6",
        "HeapSize",
        "IRW%/&",
        "m|JCL",
        "g\\Lo/",
        "w+pUt",
        "g@q`y",
        "f|:T3=$",
        "3aKWJY",
        "F&8Ud",
        "4`7lB",
        "w\"g;oK",
        "1?:EM",
        "R()%YdRV",
        "$(l35",
        "!RbSC",
        "y2GR>",
        "r$[Oh",
        "MjQ8!",
        "KiTFVEY&m",
        "F*B#6R",
        "`X5Wnl8",
        "\"p]db0",
        "$~$S]",
        "36wk6",
        "0KCrD~`x",
        "Y,bvnV@{J",
        "yzzMmP",
        "86SL9mB",
        "}lC7^",
        "4N0q\\",
        "'zSrP",
        "lFnR|",
        " 4 jL",
        ";$;);T;",
        ">Dv$()",
        "4f3wh",
        "?Goy%o",
        "_l G)",
        "aIihh",
        "]601\"E",
        "T6ZgQ{-:",
        "|c.A94",
        "y!ABn",
        "\"_Q5/",
        "I Rug",
        "xG~1}",
        " D]C(",
        "R'P(K",
        "wbI?`",
        "&r@;g",
        "e!+/d",
        "l{n[\\",
        "%9]\\>",
        "XXK~2",
        ";ws\"V",
        "3~am\\",
        "}K$Q_",
        "Qit >5a(",
        ">QQVPwOs7]",
        "U^D4)",
        " 3vub-",
        "xI;hx",
        "ZfF1VB6",
        "pMyHY",
        "=D\\3;5",
        "MGgyG",
        "it-IT",
        "&`{7/",
        "[H~2\"R",
        ";'8Y0",
        "j^qah^=a",
        "1x]Za",
        "ZyXV}",
        "InternalName",
        "Dw\"mq",
        "ECRPMm",
        "g1~$Bx",
        "aZaL*",
        "+T664j",
        "8[Wv9",
        "sREca",
        "BaB1F",
        "X:~hM",
        "fL;h/T",
        "Unable to estimate the required size",
        "6%a`i",
        "VpHa?",
        "Df0_k",
        "9`THhF",
        "2R`n`e",
        "X5b35'j",
        "3@:B3d",
        "GetCurrentProcess",
        "3J<ii5",
        "SS.Ab",
        "=<-|U},",
        "BhsK{",
        "Mp%?\\",
        "*+f3+",
        "r(8)OAQ",
        "Z5mi)",
        "5 5.5>5S5j5",
        "\"5B'?",
        "+n<(S",
        "SAXt.",
        "-?C^T",
        "QQSO[",
        "b)EQC",
        "R5yUh7",
        "-7nuP",
        "Asvnm",
        "X:V~p(S",
        "I?w]2V",
        "Zcbm;",
        "3n+EE",
        "BC .=",
        "%Hq!|:S",
        "2Dl8i",
        "xU0`Oh",
        "ASVq1",
        "Kln0#",
        "Ha|!Wg",
        "nb-no",
        "({!<A",
        "s7jgw",
        "yaX9-",
        "(x/Rn",
        "*Y|6n",
        "Da.Psk",
        "5;nJ>K`",
        "@4&JH",
        "ZqS;0&'",
        "9lw~E<P7`n",
        "W~sPe_^",
        "-@&>I",
        "CNgpt",
        "i,pp~",
        "c/D,~",
        "(yU\"2",
        "4:_83",
        "3Lh>-P",
        "cEIk4",
        "=\\\"^<?",
        "C|b_b",
        "sZ=@9",
        "^G]}8",
        "_^[Y]",
        "[j%jv",
        "WXo6Qr",
        "U`9~D'",
        "0{v#g",
        "b^GlO",
        "a:X{Xv",
        "(AJc^",
        "%[-6M*",
        "P+5sm",
        "<^|i,o",
        ":'S[w",
        "z^RAT",
        "&-]Gd:",
        "HU+y%Z",
        "guHvHW",
        "~ips(#",
        "G9H )%",
        "+6*#6",
        "+Q#(vp",
        "7ewzT",
        "W%ALR",
        "A7R\\i`C",
        "rr5z~?",
        "Rer!w",
        "j.Yf;",
        "5hA|7",
        "OE(YR",
        "7Zbzl",
        "  tOA",
        "u7w_Y7",
        "\"ox,W",
        "<p'-]",
        "C+H`DO0",
        "Bf%UI",
        "jvR@D",
        "~?;^<c",
        "Jk{G`/",
        "md8#Mi#*8",
        "||\\jD",
        "{%>?x",
        "]Xn[+",
        "=#9=T",
        "Failed to get text length from the directory control",
        "Kq,Pdo",
        "@WZF.}",
        "'k:LR|gN",
        "^TUxQ>",
        "qiZ-,vE[(",
        "cU(>\\",
        "\\6zHb",
        "Windows8-RT-KB",
        "2QIDZ",
        "T~u<{p1",
        "L3l?*",
        "es-ES",
        "1DoRA",
        "\"Gfh4",
        "J@li~<",
        "u%jFdI",
        "kl)9k",
        ")bra%XL=",
        "bQ*F1",
        "sij\\\\",
        "de-LI",
        "Aq&gGktC",
        "9d\\JT",
        "kkJs@",
        "YXT?{",
        ",}+WM",
        ")SzSC@",
        "r4sb:Q%",
        "})!szs ",
        "J7wnn",
        "XMI6>",
        "'2Lzu/h",
        "nb-NO",
        "NW3B1m?A,/",
        "kGUs4O",
        "s>N^OJ4P",
        "\\_5,<h",
        " ^'S%",
        "`eyOZ",
        "%VHcu",
        "jz9Xu",
        "hi^\\_H",
        "{3~=G)",
        "DKtM(^",
        "#s#@OD.",
        "=';>\\F;",
        "e]9#-K",
        "gk8rX",
        "dp!A3",
        ">4$n<u8",
        ":=\\\"j",
        "jsDJut",
        "zT#hS",
        "5C{FX",
        "WMd7_",
        "%vhdaNs%",
        "hgpr0z",
        "6Sy>f",
        "#ll)Y",
        "8'898D8\\8",
        "E{25\"'",
        "&u](*O~",
        "0Q:dBS ",
        "bygVb",
        "cVH-!",
        "-YY3q",
        "Ek6@!",
        "?K{;@",
        "&weRR,",
        "#]p/@",
        "DuplicateHandle",
        "Oot$(",
        "fda .",
        "^9,Gc",
        "\\Ac/-",
        ",[kC\\",
        "9':V:",
        "%.?sM",
        "(GT= ",
        "5p`]Y%",
        "m_)Q{",
        "pt-BR",
        "cjcC/aR",
        "-<v9'",
        "|oD,{",
        "PathRemoveExtensionW",
        "5cA}4",
        ")!Q=U",
        "|D`5_",
        "8qrc4",
        "*kfWI",
        "^8U~#",
        "PqN.q",
        "bzU1c",
        "9'nP%",
        "uk-ua",
        "Failed to verify box container #%d.",
        "pUobk",
        "Z`_F3",
        "8V/>9",
        "Q=iTZ",
        "8gWu[",
        "r2@@P",
        "+@2i\\",
        "=JQ`v)",
        ">{~Fd?v",
        "Ufnl2#N",
        "h-wlDy",
        "F^KtA",
        "zlsgQ",
        "p[=rt",
        "5=-K4",
        ";Ko[R",
        "`local vftable'",
        "WHL^@0:",
        "p.zF.",
        ";&{)'(X",
        "%BZ5\\o",
        "es-gt",
        "en-za",
        "Wh!'=",
        "ugWp%",
        ":i)F ",
        "]t()o",
        "h;DzC",
        ")'jyXi",
        "<e)\"5bZ'",
        "9n_l?",
        "uB95x",
        "?w/vX",
        "6~/{dP",
        "t]^;b",
        ",$w1$",
        "*K#a;",
        ".u5Mk",
        "O-;U?",
        "X`S+%!",
        "DialogBoxParamW",
        "QY,iX(H:Ja",
        "FW}>Z",
        ">< -s,",
        "L*a_C",
        "EPztA",
        ">bobE",
        " jj?l",
        "V>0%k#Zq",
        "+7h3y%x",
        "DI[gGi",
        "SHo5o",
        "0k_<Fk",
        "C|c4R",
        "SA>gN",
        "Jx]x<e:",
        "bj}N\\?k",
        "T7PlRXn>",
        "]T9boh",
        "\\\\?\\UNC",
        ".iTyn",
        "(wSHT?;",
        "zkZ%QnG",
        "&U-Y7g",
        "NJ^^9",
        "9'9^9",
        "!O)[f",
        "^wgf*S",
        "825nlu",
        "C;_`|",
        "~MA6q",
        "[f=q'&@W9<V)",
        "yW^cg",
        "$:qIm",
        "\"n*-\\",
        "_i}}k",
        "9G4uZ",
        "q3BD.",
        "rTf;u",
        "ywSxl",
        "qtqw36K",
        "/e2;q",
        "&qg%@",
        "w5=h'k",
        "tL+Y2",
        "q/IAl",
        "5NJ'$]",
        ")l}Pg",
        "h~:o,",
        "eL~kI",
        "XyQ^t",
        ">8;``",
        "O3{3b<",
        "U6HiFq+",
        "p%iTI0",
        "!t^ni",
        "C,MC>",
        "'YT'. ",
        "r|=X<",
        ":FBW]",
        "fT7J0-",
        "o_*N`",
        "Qu0)L",
        "sI%_/n",
        "V5j||E",
        "-(4So",
        "*h!zdf",
        "Fto1[",
        "v s3.",
        "^jQ4+r",
        "LTy>l",
        "C1. u",
        "!8i(z",
        "\\i[Gb",
        "'leTQ@",
        "h+KD@",
        ".N.S\"~q",
        "s\\+=+1",
        "8I9S;",
        "'57Jp",
        "F[p^z",
        "_WY{q",
        "df{q:",
        "[Y?/\"m",
        "g/6C8J",
        "u PWQR",
        ")>#6o",
        "QT.O0Pd",
        "+R!Ah",
        "yAoiGY6",
        "XT-W0",
        "5xY4z",
        " _SFX_CAB_EXE_ORIGINALWORKINGDIR:",
        ".idata$3",
        "8?Ve8",
        ")/D%,1",
        "OHQQR",
        "H/@N$",
        "KFJ&.",
        "dgtai",
        ":iT6I",
        "\"}ok~V",
        "q.Nry",
        "D{D=h",
        "/0@>x",
        "Gv27l",
        "Failed to load module: %ls",
        "<rOsx",
        ";cIq?",
        "GHoB/",
        "rdzp>",
        "E\\fcm>",
        "NO8]K",
        "u(RPW",
        "qm,KM",
        "w_SJw",
        "6FPf ",
        ".;1c3",
        "9AjTJc",
        "V8<Qb5x",
        ",Lqq)",
        "VhDW-",
        "NIe5O",
        "lqG1C",
        "4&;ir&",
        "TM[i3BD",
        "ko#bn",
        "18vro",
        "w}DOO8",
        "'I`gt=",
        "+Q#x<",
        "'F#eM",
        "J6RK{",
        "zE:st",
        "Hj+_q",
        "dL\\P5",
        "S/4}cM",
        "Pi3r#",
        ">\"Rz=",
        "Wq$EFu]\"",
        "kO#tg",
        "\"~>Ue;",
        "GDZD~",
        "zfpYK",
        "8x3r['",
        "!~`)A",
        "3o'sz",
        "yrnEt",
        ">>1)YE!",
        ")$G1x",
        "!#VtRw",
        "o=b?D",
        "l&;{[",
        "|Oyz.L",
        "Y/Bd4t",
        "no= l",
        "\"<gwA",
        "MFI[O^",
        "7*M=\"",
        "4uFkry",
        "t_bW^{Q;",
        "Z`.Y%2",
        "CreateEventW",
        "zYPWv",
        "}% ,C",
        "bs-BA-Latn",
        "opX|z|L",
        "45.(-",
        "edKPahgoT~",
        "k '%R",
        "Y__^[",
        "c_jud",
        "L>srp",
        "GetCurrentThreadId",
        ".pr^G",
        "8,1s1",
        "lg:~A",
        "LGi'0,",
        "bkD@\\W",
        "H}6m{",
        "#z.Ih",
        "XC[=m",
        "O0v]&q",
        "'3dqk",
        "=cW.*",
        "E3Al}",
        "_P`Mq",
        "B|8(~",
        "<ihc7?",
        "wisWeT)",
        "3P^ih",
        "7m#?A",
        "TlsGetValue",
        "Cc2q;",
        "Qi)Jp",
        "M3/<f",
        ":h7(C",
        "RYcSx{",
        "RXZ|=",
        ",Jt'4",
        "VR$wCG",
        "jwITW",
        "1/&Q?",
        "/Rv%J",
        "BvwCf",
        "r[PZ~}1m",
        "CniN7",
        "Fz?cAQ",
        "OA(oX",
        "-3(dy",
        "+MU81",
        "!L4nF",
        "<(=.=9=~=",
        "=VU|m,2Y-</",
        "mtN!L`id",
        "-e.IC",
        "Lj3$[",
        "WriteConsoleW",
        "Sj[E:V",
        "])1M_",
        "4Hw~<pF",
        "e{}e/Z",
        "_7d4l-@",
        "x+|#s+Xq",
        "I}hi$",
        "]e<--",
        ".LR6ma",
        "%LJ0V",
        "T$Q@A",
        "-(O3U",
        "P#z]l-",
        ">fAbs",
        "Zc\"H|V}`\"",
        "c1u1|1",
        "ar-LB",
        " =AVtmE",
        "7 7-73797?7H7N7T7d7o7t7",
        ",@;<f",
        "Z?~cuQ",
        "SG`__",
        "9=E#y",
        "/*nSF",
        "kW>0Yq",
        "FQVF9",
        "eERz#",
        "J)qayA",
        "2Mbi}+",
        "__thiscall",
        "?8?D?d?p?",
        "Hn~:d",
        "T(f(;",
        "cW\"I}N?",
        "RC84~",
        "De,3M.",
        "1v7lC|",
        "1)F&\"",
        "dybNB`WB ",
        ">!>H>c>",
        "g%1sU",
        "SystemTimeToTzSpecificLocalTime",
        "(]^R.",
        "BSI\\n",
        "&vp|V",
        "Q:8>t",
        "w@+\\0",
        "`?S{t_g",
        "api-ms-win-core-localization-obsolete-l1-2-0",
        "4)D`\"g",
        "|J|NOW",
        "-Tw,=",
        "=L /q",
        "<)wV9",
        "p!h`0y",
        "{?M!i",
        "Failed to get the name of the module",
        "zYz#~!:",
        "~RKdg",
        "l:rn|",
        "#:G59a=",
        "_m1[:",
        "ar-SY",
        "U8Uy:",
        "[3kR]",
        "$#t|a",
        "!j9eMB",
        "\\((2`",
        "K;8JN",
        "zz Jh",
        "y6`+y;",
        "QZNE~",
        "8kW.3",
        "YPE93",
        "I3(z#+P^",
        "2<V&g",
        "R'SNm]')",
        "2AlGy]",
        "7g%$a",
        "HeW}*",
        ",g1\"x?",
        "ZxnCu",
        "@)YT)",
        "$^H)/",
        "dVBtF",
        "Z{[$D",
        "? kt}",
        "bh7@z",
        "dU-4^o",
        "0}x`m",
        "TPG'O",
        "i#D?\\y",
        "U^7@!H",
        "X$9i+B|",
        "QO.y}=",
        "1`@o;",
        "()__%",
        "pjM<P",
        "%J-0s",
        "0`dpUH",
        "w`qp-",
        "e2 c[y",
        "&qhno",
        "7Tp98",
        "<N&%<",
        "&[Op3",
        "bcj'c",
        "ys&)??",
        "\"zBBx",
        "o}ihut",
        "[BW7K-",
        "August",
        "3m8|>*",
        "f-+?8~`",
        "8Cj.P[",
        "Gr4H3",
        "(D. P",
        "#B:,(",
        "t[*r<",
        ";]^zZ=",
        "Failed to load DecryptFileW from advapi.dll",
        ":[R>86",
        "YqTp?u",
        "&N^+b,",
        "IJ|ydQ",
        "|Im~#?",
        "+OBB2N",
        "=|)_'",
        "M#;lX",
        "9Hyeo\"]gZ",
        "&SZm^`+",
        "cpJ d&",
        "et-EE",
        ",Wi&.",
        "d3,'gX",
        "JZ`rU",
        "J^.2T",
        "o5i9x",
        "Dk8bf",
        "?' Ul",
        "h0Y!b",
        "aud5]",
        "Prerequisite required on system.",
        "Y0 Eu",
        "(DGb}a",
        "qFgYmf<",
        "F|_lY",
        "O|Kd1",
        "a8-Bg",
        "U@.1r",
        "VGeHT3",
        "1i rb",
        "vA; 1",
        "B7la=",
        "[sgdu@",
        "Z8K.(",
        "pwf.x3Qt60Tt",
        "[t[Ol",
        ";5]_W",
        "3c,1`c$7K",
        "<>zu=f",
        "Z0C.O",
        "\\8dRm",
        "E`^V@`T",
        "%DKG;i",
        "wWj,j",
        "-OAZD",
        "1vn:U",
        "9PXCJ",
        "LFabg",
        "@3Fgzk",
        "9|a`'",
        "<\"<3<C<p<~<",
        "ilQYz",
        "7Y$K$azb",
        "0r%\"!U",
        "HHJ]USZ",
        "l/wH[+ 0,",
        "cPl3_BF",
        "d*`a9.d",
        "el-gr",
        "C:-\",,",
        "kOGC[",
        "<~E7~",
        "#4y% ",
        "j)MM35o&",
        "IsProcessorFeaturePresent",
        "W0[X#",
        "BRj9Y",
        "MSs`WL",
        "nD&%ZH)",
        ")p+hR$",
        "5J_p/",
        "tL6J10",
        "= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\\=`=d=h=l=p=t=x=|=",
        "Dg%sa",
        "(EE[M",
        "wiy6AM",
        "Unknown exception",
        "nix[/",
        "N:L&3",
        "Fn~q?6",
        "1Li9$",
        " l`8 eRBj",
        "W`+6i",
        "GetStdHandle",
        "`@Jh'",
        "N+Z8>",
        ")fNYH",
        "xVVq!",
        "}Wh<TW",
        "7\"7:7",
        "@2cI#D",
        "[`@/%",
        "gpM'u4",
        "zk7=/",
        "B<a{v",
        "ar-kw",
        "&79DK",
        "9 ~L\"",
        "_(b32t",
        "Gy$P4",
        "+jf9'",
        "}xG'r",
        "~DxN,D",
        "es-CR",
        "s>@ .",
        "]0z'&",
        "YT+A@",
        "(YmvkX",
        "Kqe(kFB",
        ") +4%i",
        "]zXnW",
        ",t^P@",
        "restrict(",
        ":x7jl",
        "KX5@P",
        "M$j\"^QRRRRR",
        "a1'!P",
        "Uxqeqs~",
        "[#lKF",
        "\"V78;",
        "/FBQTmg?",
        "es-cr",
        "F@KB&",
        "ykzU\"",
        "Hr?x0",
        "Yr.FsK`",
        ";M\"lN",
        "<c-qq",
        "sK$grS",
        "Ik3S-}mh",
        "=X@_E",
        "IsWow64Process",
        "bx+Wt,! a",
        "m|%r4",
        "OS>Lh",
        "Nj-pE",
        "7h4?j'",
        "DSOXns",
        "+EtHw",
        "(3i+aD",
        "zK[s5",
        "tX{]B",
        "t|vl%",
        "GUTeN",
        "WSy63",
        "#m78!",
        "PF7r\"",
        "_g{aNl",
        "<~6~L",
        ":S&sB",
        "\\:`~?",
        "by6[/",
        "mw?, ",
        "]<C*q@",
        ">m29S",
        "45~j,",
        "=W6te|",
        ",8Yutu",
        "nGG$;",
        "`5R L",
        "o/{O /$",
        " \"Qg8G+0dg",
        "73{z~",
        "v}K$Qg",
        "ja80{",
        "rpf;u",
        "sl-SI",
        "I(Sw<",
        "&M+Xh",
        "%*6$QI",
        "P1H{J",
        "*ja!<",
        "! b@*",
        "F431m",
        "x{hwV",
        "t5QVj",
        "<Q-y?.",
        "Q{*jDz,",
        "Failed to read container header.",
        "nk8\\m",
        "-.IR:",
        "hiZG6",
        "kxJ))",
        "5KQO72",
        "S9h\"J",
        "S&gFG",
        "L|RF}",
        "C^Aa=*",
        "!J1`h",
        "X]).T",
        "$r@r|",
        "G~P:rnr",
        "Y<v5\"",
        "888X8t8x8",
        "r%\\E#c~",
        "YE[Xe",
        ">\"51h",
        "HS1gVt",
        "IX71%",
        "Xj)&al",
        "^47D73",
        "$(,Y(",
        "h<.6*",
        "# XA2",
        "6pVq>>",
        "<]s*>07",
        "(_v(u",
        "Mo::{i",
        "2s'SV",
        "|3g-H",
        "Juo*\\",
        "vi-VN",
        "h#'o4",
        "`M=M.e",
        "Dr@ Dd",
        "90M>R",
        "^<`uc",
        ".quiet",
        "?FoRx",
        "cTI^=",
        "S[P]*^",
        ";PSczZ",
        "l\\o\".",
        "?Z8@-v",
        "I@EDJ",
        "Zft-|lW",
        "MmSV{!",
        "xDC\\e",
        "VOvzX",
        "e 5/r",
        "Beh-J",
        "/G1-M",
        "xrErL",
        "9kCsff",
        "Z'dhP",
        "bg-bg",
        "#.izK",
        "ddp/@ )",
        "CH\"D[MY",
        "<HPV ",
        "E1.C73E",
        "*jQ>\\.",
        "q* v\"",
        "RCr#>",
        "[t t59?U",
        "$X;_U",
        "@fM3!",
        "BBpum\\<",
        "_`Xg42'f",
        "`8)jq",
        "H(KJJ",
        ",hESE",
        "MS Shell Dlg",
        "-wJfc|",
        "=a*[x",
        "ou0tx**",
        "P\\u@<[",
        "B'WNz",
        "3\"404G4p4",
        "<$<6<H<Z<l<~<",
        "^&dY)",
        "t|U;;q0o5B-",
        "uLfd=j",
        "kepAE",
        "RST`0,",
        "&$XYq",
        "l^uzZ",
        "cKI?t763L",
        "%7|tE",
        "V'[DG",
        "6eOu3",
        "v[$TD",
        "']/H]",
        "\\,[G;",
        "lEuSU",
        "pE%vK",
        "x231k",
        "=uvD_",
        ",,=9Y",
        "<(<<<A<F<c<|<",
        "J^2j?{",
        "0:]UJ",
        "CTQ}<",
        "[kn&}",
        "R[EiF",
        "\"C!-.",
        "TsrA<,",
        "zh-sg",
        "WlM.[g",
        "3]+w>",
        "U!Jsf",
        "jXQ7X",
        "28cPA",
        "n0`IV`",
        "\\)GNa",
        "rTE&*",
        "J1$Dny|u",
        "i4ewe}",
        "eO04E",
        "There is not enough disk space on your drive for the new files",
        "/y`r*",
        "(;jS{]A",
        "!Dj+l*",
        "<mH}0",
        "Yur]!",
        "ZAQW'R\"",
        ")ut%3",
        ":11j&a",
        "K.3E%",
        "))eKD",
        "1{'ekY",
        "GetFileVersionInfoW",
        "EH}B&",
        "3m0XJ",
        "2'99M",
        "PhI!p~",
        "en-US",
        "OBud`~",
        "-_J*u",
        "Ddz3-R",
        "\"t(7R",
        "HmMCU",
        "->i)xJi",
        "}V4kY",
        "5`>h[",
        "RmG`cT",
        "es-es",
        "\"eR'|",
        "|nQ\"I",
        "9Aq5gLR",
        ">:W|p",
        "f),:OH",
        "TnI~>~",
        "F\"8Wi",
        ">p}SL",
        "gd\"AI",
        ",I.k'",
        " Zo^G",
        "_rNN}+",
        "\\nB{{*H+V",
        "ybXH,",
        "lyp,-[",
        "Q gU6",
        "5wZjBSf",
        "pwMv(",
        "jBPZe",
        "G|R>S",
        "jNpl-",
        "z^9H?(",
        "h>tsj@Y",
        "uu$z)",
        "n,v#U",
        "]Wo{O",
        "U`{fQ`s",
        "Vwg$i$",
        " {P 4",
        "CI&@xO",
        "Failed to get the label control",
        "K/]4=",
        "\"3a!;",
        "Microsoft Code Signing PCA 2024",
        "u1#F?W",
        "&Y!}o",
        "Xj[sa",
        "xDd7f",
        "Y*VWa",
        "z7p?J",
        "A)>lNd",
        ".ig\\*(T",
        "+Hn,@:",
        "4:4R4m4x4",
        "r;K%]",
        "@At&-",
        "-w`*}",
        "d~(k[",
        "-E&R;/",
        "\\M@sMPiu",
        "7A!&I",
        "#_FS-K",
        ":}N^b",
        "$uk)c8}",
        "~>f\\B",
        "EZr(x",
        "1'Boy",
        "l|\"j=",
        "x(`b#Y",
        "awN9wF{X",
        "@,U^Z",
        "QpboG\"H",
        "6)-p&",
        "|B[XpzW",
        "$W:zs",
        "-eLr2l",
        "H!l>V",
        "<4cQA",
        "I@42>oM",
        " J@/oQ",
        "@%^0t",
        "3Cb<Y",
        "=t8,4",
        "}57j3",
        "^BU\"s",
        "/2^0w",
        "bXBIP",
        "Uet!v",
        "y>Ld5",
        "qC]tA",
        "sG]r-",
        "j\\Yf+LG",
        "D]XGB",
        "RyQJ)^2U",
        "aUy/r)V",
        "uXV2~",
        "a42AU",
        "o){O3",
        "!lN9Q",
        "b^b(#|5",
        "Ehcu_",
        "-2Ioo",
        "Hf{~R",
        "kcFL+[",
        "\"Bo~$.-",
        ") K8+[j",
        "0]!LS",
        ":y}l{",
        "\"C_pjD ",
        "/(G_+",
        "PVo7m~",
        "icKSm",
        "w-Xai",
        "PO)9p",
        "5iB; ",
        "Xl1!L",
        "DnC=yH",
        "*a@].",
        "kGu9>",
        "N?i^_&",
        "(]uPQ",
        "P4S5J}",
        "3K|afc",
        "es-ni",
        "M H.F",
        "ux'<+]",
        "<4<;<N<~<",
        "f|O<c",
        "quz-pe",
        "_]\"<y",
        "35h8j",
        "yx<:Av",
        "?%F\\@",
        "\\4[G4%",
        "4TnnH",
        "x>R14",
        "1;(8g",
        "MV%;`",
        "q'=X;",
        "`+IPG",
        "RSCkI>+_",
        "v.Y}W~",
        "|J*l!(",
        "9C:r:",
        "SL*Lwq",
        "-o]f`)",
        "0 0$0(0,0@0D0H0",
        "qOwg2*VR",
        "j(#!?",
        "|IxJe",
        "t%[k$",
        "SnMgY",
        "L(46H#",
        "*l2bv0",
        "Uot&x",
        "`Q6fc",
        "W+&04",
        ".{.'<<",
        "VURseq",
        "@\\zP]",
        "`a$[A",
        "& S3)",
        "XUVbS",
        "Xin.Q",
        "KM'i\\ c",
        "A`7og",
        ")Nti:Zd",
        "-d06o",
        "%q*|8",
        "AcquireSRWLockExclusive",
        "3;!}/",
        "Z}R]c",
        "+kI!DD",
        "&Bnw]",
        "EKt U@",
        "e {'h",
        "8$8,848<8H8P8",
        "sH)+?",
        "^89nj",
        "NaG e",
        "6@6L6T6|6",
        ",rPbWk",
        "x.a R",
        "_'EB5",
        "JMskC",
        "9p41#`",
        "=X}z*",
        "P++ryV",
        "?hB!M7",
        "~'>di>+",
        "byo^3",
        " S[<:n",
        "(ma0}D",
        "AD;FDu",
        "O^_Cs",
        "K@?K?",
        "Ux|[z",
        "HQefr",
        "444<4D4L4T4\\4d4l4t4|4",
        ".CRT$XIAC",
        "UM?$f",
        "RI-`?",
        "-iu8@,",
        "hkNN|y~",
        "D+(c9",
        "w{zX!",
        "GetACP",
        "-wPtj",
        "b{9?I",
        "n+~2;",
        "GG{H]",
        "X~cSy",
        "O!sQh",
        "<:rBBH",
        "m-6>qR",
        "nj}Ik",
        "1/'L>",
        "J62!{",
        "O6}^#",
        "3oB{YC",
        "(|5-6",
        "./W:<f^",
        "n~hX|",
        "3rF.Xu",
        "Dw}[P",
        "@^So8",
        "U_A9R",
        "~Y2G[O6IP",
        "V02Q\\",
        "$&gT.",
        "gaIH+I",
        ">\":tr",
        "'&HmB=%",
        "PWndi0",
        "rs(5x",
        "SHGetPathFromIDListW",
        ">AS8!e",
        "|,u7*X",
        "4H>,*G",
        ")m\"o0",
        "Er+l-",
        "ROz3&",
        "91979A9Q9n9s9y9",
        "ZG%V#",
        "7(lIB",
        "~]\"TB",
        "*,QK/",
        "2=3pMC",
        "D9U,!X",
        "8N/b&",
        "sx]1V",
        "api-ms-win-core-sysinfo-l1-2-1",
        "(G4nT;",
        "Y,6+m`",
        "\"-rU ",
        "nSFQrs",
        "btBS|",
        "X($0(",
        "%]s3f",
        "~iAC5",
        "&QK:d",
        "[]>|Y{",
        "Z-w\\nd",
        "(}XXK",
        ",A1I(",
        "1MTdl",
        "}3/t)&\"",
        "Yw@1'",
        "v?8Xc",
        "G;Us?",
        "AR}t-",
        ";S*E)",
        "'8SOL",
        "lBV3)",
        "`GAz.f",
        " S|OLQ34",
        "^l?<z",
        "Cu.l)#Pg[",
        "2#LuI",
        "~_O}q",
        "9 9$9(9,9",
        "_&_whD",
        "(=Xu!",
        "jAZjX",
        "Failed to convert GUID to string.",
        ")MENW",
        "W3sl?",
        "~=2Z|\"",
        "VmaOU",
        "[]l{[",
        "oh+g'",
        "dL%)#",
        "y{\\o\"v",
        "6?f :",
        "8Qp% ",
        "v_vq=",
        "7%A:c",
        "gG|.WQ",
        "@XHoa2",
        ":|*>/n",
        "S}c} ",
        "?dwPlaceholder@@3PAEA",
        "\"R-fO",
        "55U(y;u\"",
        "i[ 4#T\\K",
        "s)U*c",
        "ProductName",
        "cg/2Y",
        ".tb4bl",
        "H\\CYo",
        "Xvg.C",
        "to ensure you have permission on the folder to",
        "_:{'c",
        "\"oLuS",
        "WS(cHx",
        ")sCt=",
        "@n(ot",
        "fUH\\`",
        "&\\:l!",
        "0Oo)U",
        "1074787<7@7D7H7L7P7T7`7d7h7l7p7t7x7|7L:P:t:",
        "Z_mdE",
        "AAR[*",
        "YpedVp",
        "`XSJDP",
        ">jl@a4",
        "$7)5a^",
        "qF3cu>",
        "6#*xiY",
        "r^IwW",
        "(V{IM",
        "=6S,u",
        "i\\JrK",
        ")HFttJ",
        "AxmsC",
        "+Vv#a",
        "?lc*%",
        "&F9~'",
        "hA6^E",
        ">c]W.l",
        "L}Vw%",
        "E9zq/&",
        "w`gvmN(1Lo",
        "N18Gg\\",
        "tp1^VI[",
        "*H+7Ip_N4",
        "260416185943Z",
        "xPH9:",
        "*oiaM",
        "rw%P761",
        "NCV`B",
        "171fP",
        "arM-j",
        ")F;5Na",
        "qO|?P",
        "{,CPt",
        "mm gVk",
        "PW*H9S ",
        "MvtLk]",
        "\\6KZ/",
        "_S?]?",
        "~7=uZ",
        "tfB7g",
        "\\WU<2",
        "7w!6T",
        "drqpl",
        "2ey4K",
        "{i#0\":",
        "g=N+f",
        "gh(etc",
        "Ts*2dR`+j",
        ">Q2}i",
        "f&(E[",
        "Dwjc*!",
        ".idata$2",
        "*\"AIE",
        ".?AVtype_info@@",
        "k~mzc",
        "(``J_",
        "+q3W`M",
        "G|C?1r",
        "_qBT$",
        "XM68p_",
        ":-bt ",
        "0wU-*",
        ":c+@B",
        "write files and that the folder is not read-only.",
        "td\"Rm",
        "jO%T{",
        "DwjKs",
        "NfYp{",
        "ISO*:Y1",
        "yqq-M",
        "'pNTC",
        "R #DI",
        ">|,Ub",
        "s2iRA4",
        "z8]_w",
        "l9vTd",
        "O-koN<#",
        ")ZMIR1u",
        "[OJg(",
        "xS5{F",
        "I&LPX",
        "{;0K>;",
        "<)X$CJ",
        "T0'F}",
        "lKwLh",
        "PkgP3}7l",
        "7>8Q8a8v8~8",
        "uz/v{",
        "GlobalAlloc",
        ":;PlQ",
        "(XD)[",
        "M,9m~",
        "D2}h2",
        "EwY&)",
        "jdA4>wr/",
        "j6^,a\\wt",
        "twaE+",
        "!J)U9",
        "J1>{*",
        "O[n._",
        "nK%9rS",
        "K&['d",
        "}_}uOOA",
        "o(Mty",
        "-P+Ws0",
        "_yUJ[>",
        "/ ?G|",
        "w^hu~",
        "ebCnbl",
        "A\\\"N;",
        "Xk2`/r",
        " zIpZ",
        "!r_u(",
        "qnh:k",
        "WXNJv\\oz",
        "%}ktL>Y",
        "@E&D(",
        "2-LBk0",
        "9&''j-",
        "W7OxV{",
        "n:[9<",
        "es-PE",
        "3Fg\\o",
        "W|Gc-",
        "/wnsYkIP",
        "sD01,",
        "8}Z)Ce",
        "h1hu_",
        "A21#M",
        "es-SV",
        "!Syj/",
        "5jZy>",
        "cHY0(d",
        "D^.B2}",
        "KDB7V4V",
        "3r$Dj",
        "cTZ^=4",
        "|TpoBD`",
        ":jiyi",
        "s7Avb",
        "&fq%(",
        "doUQI",
        "N=S|Y@",
        "4 d>P",
        "YqAc#",
        "8J)1w",
        "jQSXpi",
        "ZkmXV]",
        "g_?N]",
        " IPrs",
        "%JV%Yaz",
        "V\"9#K",
        "cP&#s",
        "\"9o)B",
        "2-3Z3",
        "k*L5?",
        "52X!l",
        "i@9^U)",
        "I[d%^",
        "dQ6wCD)",
        "wlli*%C'",
        ",$O$\\",
        "N?67c>9>",
        "}vD9\"",
        "&^e|g",
        "\\G]El",
        "m{M[iRD<",
        "YKFYp",
        "^j{kXH",
        "I[idP%",
        "Go}10",
        "de-AT",
        ">NCf\"",
        "F4b&D",
        "WLji1wz4",
        "[%ODC",
        "jNeFg]1",
        "RA#0!VU",
        "mvZB\"",
        "hl*;\"",
        "smj-se",
        "l,o[r",
        "``?i_",
        "^={Z2^E&P",
        ">!0.e",
        "n/ Zw",
        "es-AR",
        "1D97`S",
        "DU/LQ",
        "/e4zM",
        "%_B#P",
        "i&GR!",
        "@y&<]I",
        "{Z$Hm",
        "h@hR%",
        "CusuN",
        ")pdm7X5n",
        "'S#W~",
        "E=En-",
        "!'eMs;",
        "vZy]Ew",
        "YH9rS+",
        "xb&{1",
        "Ho|/!",
        "#973#",
        "pCN3e'K:5",
        "9b+7X",
        "s-LTB",
        "RL3;9_0I",
        "*f~D%",
        "WE4.zL",
        "7,bwm",
        "]Z ^m",
        "xOfmAd",
        "(wvv|e",
        "!q|F!M",
        "O$=o7",
        "[5hg{K",
        "f{D8I",
        "%]{iV",
        "$Dylw",
        "|Fi` P",
        "JK'c{%D",
        "CC v&",
        "Wednesday",
        "PRRRRR",
        "UwepRo",
        "s8(*?6",
        "3=]*9(",
        ":::N:X:m:",
        "a((s[",
        "1S!*M",
        "Y*ofY{:<",
        "x!)QM",
        "v:LY,Y\\",
        "juto\"",
        "3UssI",
        "9&v,$",
        "#[g\"$e",
        "^>vLC)y",
        " delete[]",
        ":?561D",
        "xw7(+",
        "|n[}z",
        "d!^i+",
        "k`yw&",
        ",Lp1y",
        "/6HR+",
        "\\>ov<V",
        "Byq&h",
        "M'e/~",
        "}Jrvc$",
        ";v|+T",
        "777wH",
        "&(yzh",
        "B&dL.",
        "qLF%@",
        "V:ao}",
        "{Yjbu?",
        "lt-lt",
        "OA9?*P",
        "t=S%o$",
        "5*\\GW",
        "KIP`dr",
        "gD>en0",
        "ftON9",
        "/^VwLq",
        "RLg5#k",
        "Ia>a>*=",
        "?blC}",
        "~ZuBu",
        "DmIG-W",
        "76yz%",
        "Y{:'P",
        "uF\"5i",
        "dSRe:",
        "nWb]N",
        "jM\"R'^",
        "NL9m$",
        "|Ac >",
        "\\FeM/",
        "&~!m-",
        "Please specify either /extract:<path> or /extractExecuteLocal, but not both.",
        "sr-sp-latn",
        "QA\"qv-",
        ")Zu<x",
        "`4B[Yf]_",
        "v.@5%2{\\f",
        "sr-SP-Cyrl",
        ";+x0Q",
        "YfC+<",
        "a,T2 ",
        "72IW3",
        "[`ksn",
        ">S8*4",
        "r4*N'",
        "`)t`{t",
        ":V>02,x",
        "OZ `K4",
        "oZG1}tf`",
        "TBYouR",
        "&Z/.u",
        "S'O$<{+&",
        "GB2mP",
        "K)7]h",
        "]|#R{",
        "jPkQ&",
        ";);2;9;@;G;P;W;^;e;l;s;",
        "LoadLibraryW",
        "<hU/M",
        "gZLc+",
        ",l6eLox",
        "k2(K(",
        "I5?$)p}",
        "C{UX\\O",
        "\"<D$w",
        ".rdata",
        "22%|WF",
        "j;R2)",
        "fbK~9d",
        "D|M;_",
        "jjZf;",
        "M%ONC",
        "+C`<'",
        "dW/DH}",
        "zE]OB",
        "~]ld*Y",
        "6E!ETp",
        "nk_Df",
        "f7vS>V",
        "}f7/H?",
        "Du`}Q",
        "hAFak",
        "9g5@5;:g",
        "+u{&Z",
        "kg%q{",
        "L^s91",
        "QA-a^",
        "?P3n+",
        ":#F+\\",
        "PMo| ",
        "s'}^L",
        "azHI ",
        "3Vwhr",
        "5F)uH1",
        "T=]f 6B=",
        "F5c*P",
        "aqP,@",
        "e/]S3",
        "bD4RJ",
        "4<!uEp",
        "hW85%",
        "'v~H ",
        "!J5.Y",
        "5GUba",
        "Sleep",
        "%GB<D?I",
        "(#r2^",
        "^TN+^",
        "V37dj",
        "jp1~tJ",
        "SS3]e",
        "2G%fP1",
        "4<xsx",
        "5QEAUhs",
        "e\\'j!xp",
        "c|u<\\W/",
        "L)?'z1",
        "#!h0U@r3",
        "B^qlh",
        "Q#77PO",
        "i-;e[",
        "3)ZbWT",
        "G|3$F",
        "geI{G",
        "8e-|R",
        "]3n2N9(IY=2",
        "&,7o)3jQ",
        "@tlsH",
        "g?_:`W[|l@",
        "gaIxW",
        ":/n]~",
        "5ru-#!",
        "8M@{y",
        "puq)M3C",
        " Br=.U",
        "F`!4.",
        "?l>k[",
        "hFFz_",
        "extract",
        "_.a({",
        "Zxt[k",
        "6#~Yn0",
        "SSSSj",
        "'>#]#O\"|",
        "Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^",
        "FBN}Z",
        "B:ImGe",
        "/eXz*e",
        "_%p3T",
        "'6q%_{$",
        "CcP.JU",
        "'u*cD",
        "fti#S",
        "EhM^y)0",
        "$oU\\>=",
        "P*7n#",
        "B$2?8",
        "B\"Ewd",
        "nZH4Va",
        "/*D8W\"",
        "UTVu5Ab",
        "P>$+)",
        "Ku'5l",
        "wSkj0r<X",
        "ZAb7f",
        "UI\\J9j",
        "?)e-El[",
        "W:x3<E",
        "\\PR<r",
        "<+=P=",
        "Em{))<)2]A$?",
        "+U{Ks",
        "*XkN8",
        "+C\"An_",
        "LH\"pG",
        "fXh>#~&%w",
        "en-nz",
        "`ILypn",
        "i_B?l~yN",
        "n\"N|v",
        "KALh(",
        "<'I:`",
        "d ?^!O",
        "cYXm(",
        "\\Jl,ps",
        "N;P'e",
        "vv}6R",
        "e\"6Kv",
        "zD}e}",
        "_SFX_CAB_EXE_PARAMETERS",
        "+$J)%v",
        "y$=E,",
        "cFq4g",
        "P $N0",
        "z1Tw$",
        "k}=[1",
        "4';/;f;m;",
        "azB1H",
        "$IgKe",
        "A*@n2",
        "9|^v8V",
        "^NHS6",
        "Yxc$7",
        "Uf:Bd(",
        "Ow6VC05N",
        "Eb\"sT",
        "November",
        "8h=S')",
        "&@-\"U]",
        "n-b+^",
        "F;s<|",
        "$Cn?t",
        "b-0O.",
        "eus*c",
        "9Ol~q",
        "$3|3~",
        "n_2f\\(",
        "#-M*=",
        "vnWD5z8",
        "Tk?U:",
        "*D8N4",
        "4z_Fy",
        "\\[^.$H#",
        "#,bx`",
        "vKR#j.",
        "0KRE^",
        "Gl`G$jm",
        "c6n@S",
        "S*OJ@bhd",
        "yIHO>",
        "sem*A",
        "jP/`?U",
        "}}U;M&",
        "{[H/-/",
        "eCQF;",
        "iTmc_",
        " DW,:",
        "]O-$m",
        "%<YC}",
        "et-ee",
        "8L2Pol",
        "9RbxY_",
        "Q`PBI",
        "SYL=+I",
        "DXweX'",
        "SetFilePointerEx",
        "w0xI/;|4",
        "CrJ0s",
        "PuaD2",
        "|)}aY",
        "ss3n[[s",
        "sr&6r",
        "}AT4'",
        "(HQCn",
        "5v}B:",
        "-3+0?a",
        "!1+\"z",
        "q-JZE",
        "c7At2,",
        "QSVWQh",
        "6=^vP",
        "QX 5YC*p",
        "@cQv3",
        "a`oQ4",
        "M1t7'>\\",
        "#)grI`,",
        "S<]s\\w",
        "$;+kp-",
        "#X->K",
        "5X$I1<,",
        "TU:4X,",
        "*T'a}",
        ":vbMo",
        "9~Su,",
        "f-5&HDV",
        "G|1;_",
        "Zx-fz",
        "\"<MEas",
        "!'lfl7",
        "RTwO7",
        "+:]xw",
        "eo_dL",
        "K#O)\"",
        "%SKD!G76",
        "Ryh86",
        "zh-cht",
        "<1F_(",
        "y'[1_",
        "^j>pjF",
        "zq+Xz.O",
        "d[[!YH",
        "o.X@C",
        "}{n-1",
        "vi$K)",
        " adg)",
        "\"2\"tU",
        "f{E/*",
        "}pD!\\",
        "B00kG",
        "gu\\s?",
        "O$pc{\"",
        "sf6OF7v3`DWyvkq",
        "c2u1 ",
        "sk-SK",
        "#yTU|j$",
        "~vcgS",
        "0O=gAE",
        "pxrgs6",
        "\\2@}q",
        "+\"{NV#T",
        "Ie]BW",
        "umdmL",
        ")h*K~${",
        "{<Gw$",
        "T\"7CsG",
        ".z8zc[",
        "?Y)=_",
        "\\lrRY",
        "BlLf#",
        "smn-FI",
        "D3&u<",
        ";.]81/",
        "7%.~WY2",
        "?Nm6n",
        "]=8 :",
        "ICr#@Ld",
        "!TkjE",
        "))}U@",
        "EFI%\"",
        "?E +sS",
        "4 4(40484@4H4P4X4`4h4p4x4",
        "IO 8k",
        ";yuA\\",
        "Iz3(e",
        "OK[yS{",
        "P?D&Q",
        "`M5jz",
        "BzaeikVO",
        "U1_|SV",
        ">Nt\\ ",
        "g<Zbf",
        "qxl.n",
        "^}&$Y",
        "h\\]dc`",
        "uS&FeEW",
        "=oMxq",
        "\\~kQM",
        "P]P ^_",
        "?j&*W",
        "zZcXN",
        "Extracting files to: %S",
        "`^\"M}",
        "x\"KdU",
        "mq]!4.",
        "Eg/8/K",
        "*!WCJ",
        "doIA4C",
        "gl#WxU+",
        "es-mx",
        "=H\"y3",
        "5-5<5E5R5h5",
        "%OWOi]",
        "RcIPE+G",
        "K2p,&1J",
        "#UojY",
        "} lkd",
        "pm\\`I",
        "~6Hr?`",
        "Si]?8/;",
        "3\\)Hq",
        "e2Ty>",
        "IR%jzjw",
        "}dcl%Ns",
        "cs-CZ",
        "lG33X",
        "p`{KL",
        "3D4:5",
        "I8i3(_",
        "I9&NT",
        "mkvB{D0O",
        "d\",b/",
        ":PuKNSq",
        "|}f&R",
        "$QntC",
        "5A~xQ",
        "u9Ql\"",
        "7.ks\"",
        "}3)4`%",
        ".mm%.6!>",
        "71c](0",
        "\\T~kv",
        "j_O;3",
        "QEOUX1",
        "W:}V2Z9",
        "en-bz",
        "0(Pw!",
        "I\"?]/4",
        "Q4_H~",
        "j^iMyd",
        "/w`IV^",
        "fon_&+",
        "+4Nk3",
        "advapi32",
        "tDJ]U",
        "t{9`+",
        "sqY3W",
        "~i+<*",
        "VrtZC&",
        "ZtQ?\"",
        "zgjQo",
        "wIef2q",
        "IR;*`(rB",
        "KoHWk",
        "v21s[p",
        "DkavXU",
        "p{5/o",
        "QY7OS",
        "a@nU+",
        ":4}U*",
        "oJ# 2p",
        "n(#7r",
        "dP#b)",
        ".CRZp",
        "[lG(p",
        "a5#)f0e",
        ":5IXu",
        "ar-om",
        "7-8JW",
        "'Phj'",
        "Rk}-nh!",
        "rQxW&7S",
        "lLCZE",
        "67|Y)",
        "oQoBp(",
        "MbIqQL",
        "ViDeK",
        "c/VNL",
        "%Sc>ZT\"3",
        "J:%cmz-",
        "K6+!4M",
        ".SHA[",
        "#Ip#I",
        "kk-kz",
        "04Ue/t",
        "}+PN;",
        ".CRT$XIC",
        "zlqD6",
        ";X5D>",
        "Microsoft Corporation1%0#",
        "div-mv",
        "Y5xA9Im",
        "Friday",
        "LOarrK",
        "jeJ$@n$",
        "'Ft19",
        "6x#**9",
        "Z#$kra",
        "%^u\"A",
        "=7Hk z",
        "MO,5P",
        "7246B",
        "LImBl",
        "%ROd`",
        ":3m[%l9",
        "F}GAs",
        "U(&52$",
        "5u{1A",
        "gu}@)",
        "i{:56`",
        "g#b1,",
        "Mb$N7",
        "S\"PQ,",
        "mNz\\M",
        "[oWB}A",
        "'AYBR",
        "T(Q/(",
        "knP! ",
        "3A4w4",
        "W'>5#",
        "7Tp`J",
        "*mO]D",
        "<&|$af",
        "&Qqo5",
        "4B\";]",
        "oKcyZo",
        "#B.@5fOS",
        "e7&fyh",
        "gk,Q4",
        "]taj0",
        "\":.}#",
        "OyI48",
        "mXwh\\/<",
        ":ZMas",
        "90-JT",
        "=]*[p$",
        "(8/ed",
        "sv-fi",
        "*9wR k",
        "W.wd*",
        "}Xqf1",
        "0J+A|",
        "]4g\"\"",
        "Yx&=&H@",
        "7!y{w",
        "PX7C/|",
        "0&luw1?",
        "NRVO%",
        "pqVbF",
        "q;Ru`",
        "wLBlA|",
        "73t8D",
        "wH}%\"",
        "Tz~ww",
        "j'oeJS?",
        "#gG<v",
        "tDA*K#oG",
        "vZ\"R;",
        "9!^Eq",
        "d1Oo(",
        "kzF7]",
        "?EzM9",
        "\\.=#RU",
        "gzHEt0+",
        "2.lw}",
        "{-3O{%'",
        "ivDH4b?",
        "]c!^[\\",
        "dr#SSjdVQ",
        "C&2gH.",
        "AYB5\"9$",
        "F#4 \\@",
        "/=~7c",
        "SctJI>",
        "c2ft~",
        "U|?X*z",
        "^Nm#]",
        "su1_K",
        ">\"0;.",
        "\"M)\"Y",
        "]/@au",
        "bPR!|",
        ">cR U",
        "2%2/2",
        "h&~0$",
        "zu-za",
        "%`mFO",
        "qBj/\"^n",
        "pI9|5",
        "(-.1m K",
        "'8$%PCY",
        "Tc3hkg9",
        "^?WV3",
        ">(r'n.",
        ":ZPdhA q",
        ";|84u",
        "Xgn^lh",
        "FrS9:oM",
        "Mt?SLQ",
        "6`Z\"]R",
        "JYdS]\"B",
        "Xa<hny",
        "+?K9n=>4",
        "gIgMC",
        "pnG=a",
        "SGL{O",
        "Y\"8@wb",
        "22J|_",
        "M~3.3",
        "%RECV",
        "1#^Qvg>",
        " 6<MI",
        "L9,bJ",
        "7U{AZ",
        "G#<#2o",
        "sA;&t",
        "w,Oy{c",
        "[Dl7kI",
        "NUj/R",
        "&0m|0",
        "INgfzQ",
        "^qwn5`W",
        "/dLU\"",
        ":KAk&",
        "od/T)W",
        "4Q-sCo",
        "Z>b+84",
        "=j4Lm",
        "^7Ac7",
        "R_/Ou",
        ",Hl$-J",
        "kgK,]]",
        "F+Yz$]",
        "R,v56",
        "o%dG1",
        "d]YeBi",
        "V_6Ho",
        "1SBD$p",
        "-JUG{",
        "*(M%X'",
        "ket)<",
        "C'Km79",
        "qn][:|",
        "y `57@",
        "*G[np",
        "7)[RXU",
        "}\\Hr3",
        "MDz#~",
        "4\\bS&",
        "*R6)s",
        "o:A09j",
        "Wq|+~",
        "zh-CHS",
        "]!otd",
        "CreateFileW",
        "GetSystemTime",
        "O~34RC",
        "\"m:} ",
        "es-hn",
        " i!sM",
        "7w7^;H",
        "z{%!&",
        ";jn56",
        "uNj![u",
        "zf(wI",
        ".?AUCOutBufferException@@",
        "GD6Qd",
        "=QPb&",
        "api-ms-win-core-localization-l1-2-1",
        "+1s}p",
        "U_e[DM",
        "GB\\a\\)d",
        ":D,^)",
        "t4N3? D[",
        "{d7O9",
        "Rx\\.YP",
        "EZ!})m,",
        "U8?>>",
        "t~ggj",
        "r#T4,",
        "P;_qh^7",
        "nUD dv",
        "[ni;`",
        "LP^'a",
        "GetTopWindow",
        "Failed while running the extract directory selection dialog.",
        "v(1%P",
        "/R*c]zE]",
        "WakeAllConditionVariable",
        "|:N)kh",
        ">koCV",
        "*:e?9a",
        "?{\"3A]VGW",
        "]gUXm",
        "\\o?/\\lP",
        "0K=b_",
        ",z43/",
        "}m/uD?",
        "iM|=Y",
        "Failed to create the directory to extract to %ls.",
        "kYv!l+",
        "krGWn",
        "s-&2]",
        "L'f><",
        "^N!KD",
        "-WP?A",
        "2?PnG",
        "s#(g_",
        "V-p2I",
        " H6oPj",
        "00!PN",
        "X^^vs",
        "Yb$OTB",
        "TYO[!@A=",
        "4NA4f",
        "ar-dz",
        ")Z&'Ay",
        "9y4j.H",
        "S^$Kf'c",
        "WTi?E",
        "~mH(\\",
        "]`pD6",
        "*y{i\"",
        "3  _z",
        "~0W9s",
        "XmsmK",
        "RZ-h]e,",
        "5q.G=",
        "kBj$O",
        "=PE b1",
        "IT*.t",
        "KQXL^",
        "}l5y6x",
        "e%#/Y",
        "\\+UU1z",
        "T?(?`",
        "u.Iu\"",
        "qpkAd",
        ")1VOr",
        ".C*uz",
        "Z3BG}H",
        "waBo?",
        "XnCDs",
        " Base Class Descriptor at (",
        "bfN{=",
        "E_eZC&",
        "<j4^P",
        "2>r+<dQ",
        "96[xm",
        "W9J3Y",
        ">-bP~",
        "xZ~;Y",
        "jCU$?",
        "V,vrN",
        "esBy\\0",
        "w%/u[",
        "h ;U-",
        "Qi`7?",
        "pPuVJ",
        "r)\\Go]3",
        "&O(z3",
        "}2UM'",
        "y-(y}",
        "tt-RU",
        "].4Dg",
        "~>!mO",
        "k?\\-00T",
        "L\\F(X",
        "#r*\\Cm",
        "%v%xS",
        "hr-ba",
        "Ipe1>",
        "c*L4ae",
        "NEi?II",
        "ODeCa",
        "X{Im ",
        "4)5>C",
        "nn-no",
        "B]]%g",
        "v>)0I",
        "?af[|g",
        "Failed to select and/or prepare the directory for extraction",
        "{3 W/<",
        "Ke4J)",
        "c\\)(&",
        "M_@`{",
        "X7O1%]",
        "!mpi.",
        "N(,7x",
        "1Kv!(",
        "!6ox ",
        "s3f}1o",
        "H/Z[U-",
        "P, wK",
        "QQSVW",
        "*lGOG",
        "d6TG$Z",
        ":jT5R",
        "JA5LlT ",
        "G<x1(r",
        "|Jv)C'4",
        "e+000",
        "KIIi\\_",
        "/3+mMq",
        "\"`D)oCv",
        "260219193957Z",
        "EH#;X",
        "_NfS^j",
        "+5,oS",
        "xKCKD",
        "`5fYhI",
        "@zn86",
        " z(Z7",
        "@\\PeW7",
        "a0p0v0}0",
        "xYSL:J",
        "RT?gU",
        "pW`WT",
        "+1\">R",
        ":'kt,",
        ";$MyM",
        "bx4!9",
        "yn)vw",
        "ms-my",
        "Failed to initialize arguments",
        "5ntel",
        "U|RZ#",
        "K@U;B",
        "e+;8-",
        "KL469",
        "P#.Q{\\e7",
        "-h9{{",
        "r~f;u",
        "%5sGnL",
        "P-$#H",
        "\"rB~/",
        "9_`~&V",
        "K4!f.",
        "gOI4M",
        "[ecI%",
        "yv1+c",
        ". pZ?",
        "8HHDC",
        "v>|Fy",
        "u]uF3",
        "LeaveCriticalSection",
        "Z62XD",
        "HK^dUd",
        "qiJ_@",
        "5F1,\"",
        "h-<Un",
        "eCN16",
        "YR\"yx",
        "?V[XV",
        "esyPW?t",
        "S/9DV",
        ",wSn@Y\"",
        "},FwW<",
        "1y#wY",
        " L2?T",
        "(|[Bve",
        "\"f#uZ",
        "Failed to initialize COM.",
        "beWDXx1",
        "pYSl&:8@-",
        "_logb",
        "ubB&_",
        "4M(D[",
        "J5\\-f",
        "MZt*.]",
        "\"\"q75",
        "g{jB\"o5",
        "CFh.'k",
        "SN3B5%B%",
        "%\"(?e",
        "Ms#$`",
        "-\"V%.,",
        ")w>j*",
        "TO<,j",
        "<E{H)K+`",
        "ZX~kH",
        "wPKJ/",
        " U`{$",
        "AUIP,KB",
        "1#SNAN",
        "ub+;: ",
        "STDRxh",
        "K63gox",
        "u0St:",
        "HOIX'",
        "C=o;1",
        "v\"f+;",
        "TR\"*B",
        "=h|Vc",
        "__swift_1",
        "bjBfuF",
        "RdbOK",
        "7S^\\c",
        "[[uNc",
        "2>u(j\\6",
        "v)54.",
        "'K}rW",
        "u#:MA",
        "noCk[mw",
        "O*9b:",
        "!w$ui",
        "Q ZyH&",
        "5('{B",
        "IzlUi",
        "Z@\\k)",
        "Dkcng",
        "Xn?Ke",
        "qBtEb",
        "5|oZ-",
        "kn)Xa",
        "qZa g",
        "?>3 4",
        "/9l)d{N",
        "XjKbnT",
        "[5};>!",
        "S0Q0O",
        "H6\\eh",
        "T-%\\>",
        "R[7Wrz\\V",
        "M7MYes",
        "wsg-{s",
        "<hh\"jjk",
        "\"gU&M",
        "KD5t]",
        "0q QxZ",
        "_eG{gN",
        "Y@fnI",
        "`DTm+",
        "Ta>Xm",
        "77\\YJu3",
        "sHEd6f",
        "Gyz;`",
        "$;U/Kc",
        "I3_hl~",
        "ar-DZ",
        "dVNpnny:w",
        "_|3]$",
        "1<F]nk",
        ",g(|T}",
        "A-<Fu",
        "YR1Oz",
        "h]yO\"",
        "KEY-R",
        ">xniJ",
        "JZ~Z-V",
        "9fx//",
        ">d'zK<",
        "vi-vn",
        "<Hj%o@Z",
        "!No89,(",
        "#nHRa",
        "l`O1}",
        "N{yfz",
        "!%:w1",
        "@\\bT?/",
        "^bo'/",
        "!,2W(",
        "'g=>w",
        "X2Tstc",
        "SQVKi",
        "O1)Y2",
        "SD zs|",
        "Ha?u$",
        "Qc Xf!",
        "hEZ|rVa",
        "Z@zBmB",
        "{N6)3.",
        "H6<yJK",
        "Z=k+Ut",
        ")gxb/r",
        "`Ugo,",
        "s1;g#=%",
        "uyzR#6",
        "E Of+s",
        "riPJt",
        "qXgVoi,",
        "Cj3iQ",
        "(M,0_",
        "LJ!^/",
        "J9\"Eb",
        "#n>f&@",
        "_$S4I",
        "9{}hL",
        " zb=F",
        "Ir-s:",
        "0_}<bd",
        "V[HvE",
        ".F+qI",
        "kjv/ S",
        "u3Z318",
        "Xj$g)",
        ".CRT$XLA",
        "%xUm]",
        "\\5 SS",
        "woC<:",
        "hKxIU",
        "mkbn=",
        ".f08t$i",
        "#r1\\N9A",
        "~$2'OQ",
        "u6l}R7",
        "x'$<o6!",
        "vrE-<",
        "ue1T\"",
        "`Q'`#",
        "c3Sy@QF",
        "gz0~(",
        "!^rse",
        "CXdPQ",
        "P:QPd",
        "fThpv",
        "=/=O=]=l=|=",
        "|MqO\\7",
        "|Hf#zq/4,2",
        "/t2JQ",
        "?k!biS=",
        "fVeAA",
        "@t#zOe",
        "&IHtA",
        "Rk64.tM4",
        "I}Anx~",
        "V0V\\=",
        "kO[S7:",
        "`}Om*",
        "DTZ%_`",
        "<?#.`jZ",
        "3RwS_K",
        "^XoFt",
        "/{G\"1",
        "j2_VM",
        "5$5D5L5X5|5",
        ">@@-S",
        "9wS/2",
        "~gv\"G[",
        "]ECH{",
        "@?]9\"p",
        "l2%A\\g",
        "?,Kpnv",
        "s4c?!",
        "tv9oS",
        "\\G:Z@",
        "/QOK~",
        "{^pR1",
        "Zv%`x-",
        "n4D_@[$",
        "960vH/",
        "<.%4#",
        "+}Fm=",
        "Z8Jcc",
        " \\2@Y",
        "+.pi%",
        ".fZ`r",
        "6oUw:",
        ";,?\\w",
        "}9-;+{",
        "u:`9N\\",
        "(YLFr>",
        "alU]IZ",
        "15c$$",
        "*-^qU",
        "7!8H8g8#9S9m9",
        "U+h|<",
        "%c&!IH=",
        "/{ UO",
        ".AW1M3",
        "LB+O<",
        "\\C\"`L",
        "Lf>D,",
        "\"iD\"K",
        "$cL1Q+",
        "T$}=O",
        "y7c+%",
        ".us+V4Iw",
        "k35`x",
        "Ly/,s",
        "JQ4j!",
        "v`%:b",
        "B^ciLq",
        "oEkEe",
        "%I\\R>aC",
        "J8(M&",
        ".qoRM!",
        "GDZKV9k",
        "_e,j1",
        "HX%1>)",
        "|d%fm0",
        "z0out",
        "CqKxX",
        "yK]?g",
        "~2/*!V",
        "[6>n'",
        "u2lphu",
        "=:SlV",
        "yNE.p",
        "H5OQi",
        "e+Jh-",
        "Pa{?MO",
        "Y-,zj",
        "4GK`ch]",
        "RegQueryValueExW",
        "9m1rTR",
        "9ZM*>",
        "Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0",
        "Jqm%9N",
        "W`}x]",
        "JlKA@",
        "azB]|V:",
        "V^3i-",
        "010<0",
        "EK9um-",
        "Zj4)H",
        "l/g[O>",
        "C_E;*",
        "$Um,*.r",
        "|G,j ",
        "#hu.e",
        "q (8DQ",
        "om%nBX",
        "K)`<nJI",
        "Jxhio",
        "i:(SL",
        "vH9S]",
        "KR-Qf",
        "CCkYp]",
        "Up :z",
        "k/PcH",
        "?S0sd",
        "v*9\\2$R4",
        "4j(Rk",
        "@ll><",
        "jK/}[j6S7",
        "6E_ f@",
        "sma-no",
        "[{!3%G",
        "A\"_'}!SN",
        "-%v[-",
        "R$(&+X",
        "]KY-^`s",
        "*0s w",
        "bXL1y",
        "?%{1]",
        "D46<q",
        "4Uil,",
        "b>9-.",
        "\"`${A?",
        "W6{v8~+",
        "Je=a7",
        "q`3M~",
        "Jeq9O",
        "P2]z[",
        "!]_0t",
        "qtrCEFP",
        "YJ7Gh",
        "`)V)WBr",
        "rr&{Lw",
        "C(VDs",
        "k\\\"aF",
        "cU^6M9",
        "wnd+@",
        "U(D,/",
        "9Ayt~",
        "+F?N#",
        "FDICreate",
        "\\=K3x",
        "2Jj_G",
        "samZK#",
        "x_o<F",
        "2a3o3",
        "y;[7!|G",
        "iQ$W)",
        "z5,S6",
        "rGJ0F",
        "d%bY&zv",
        "bE]?Nl",
        "I.$AH",
        "yIdMb",
        " !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
        "pd3*j5gig",
        "r+hZK",
        ":y#Zo",
        "H ?eQ",
        "wMAPVN",
        "[aOni*{",
        "D!E!Y",
        "N}1]I",
        ". 5b_A|",
        ">HWCs",
        ")~w79L",
        "A5s#Z",
        "x{7Rh",
        "fAN`Z",
        "j7s6?h",
        "7{Hb]5",
        "!L<jp",
        "ht1#q/m5p",
        "uxd4g}",
        "\"aU\"e",
        "\\Y[[d",
        "SHLWAPI.dll",
        "1#<~j/t",
        "~^,L)",
        "hw72h",
        "|k+e0",
        "wh%70^@",
        "m2cf}&",
        "@!\\3E",
        ">/49!",
        "k!S,y>",
        "u?V-+B[\"",
        " zheB",
        "m1,4h",
        "@_5^v",
        "!_3Yd",
        "\\;;gY",
        " )V|pD",
        "f<B4]",
        "qy}j@",
        "8+2\\6",
        "Y+$O?",
        "*oHz9aL",
        "R<mHy",
        "UI1p*",
        "|yF-NV",
        "C)Y}i",
        "`:n(lbF",
        "(y}8t",
        "Qp<9;]r(",
        "|n!+I",
        "RQ;^ ~0",
        "qK}E,",
        "~]9,]",
        "|+'m.",
        "Mrrcv",
        "SetWindowLongW",
        "1=etW",
        "u}R6!R",
        "W.] &",
        "B4a>A",
        "e\"iJz",
        "RVHZB",
        "O+C*k5",
        "&vnCX%",
        "@kTR-0-",
        "-*UP8",
        "\\oNPw",
        "L&9}=",
        "|DZ.1",
        "G2^v:",
        "f_UTwE",
        "bd_y=wZ#i",
        "da-DK",
        "j9>Ai",
        "b<H5n",
        "!{nS#",
        "S}G-!",
        "Ni2Q2",
        "Kp@up",
        "kL7ucZ",
        "%z=KM",
        "eE1,|",
        "S\\eMl",
        ">6(AW",
        "_W*gh",
        "L\"JPp",
        "IPmuI",
        "~bV6s",
        "vx *&",
        "}&3e8p)",
        "PUwua",
        "r93OV",
        "l /pY",
        "9QJf`h",
        "&w9>L",
        "_JC<36",
        "]8x'P:",
        ";jUn#",
        ";Jj\\NP",
        "oY2u6",
        "atH7D",
        "f7<u0",
        "VLD\\Y",
        "/=O'd",
        "G9VrQy ",
        "ZIvc^",
        "8Hg4[N",
        "=$]g'",
        "o@a'LG",
        "(3lvR",
        "DHLb9pV",
        "(< 5>",
        ")m]!7&L&<ve",
        "A,L1'",
        "WQdfl",
        "VgRYV",
        " 6SQCVh",
        "FL,br",
        "esTS.",
        "I@226",
        "_|Or%b",
        "Mu?\"6",
        ")1wZo",
        "M0u#&}",
        "~HR,\"x",
        "2 2(20282@2H2P2X2`2h2p2x2",
        "y~q&@",
        "*/\"w|",
        "64@Ml",
        "$cUkL",
        "J*!!c",
        "sM(W|",
        "en-tt",
        "W[tP1",
        "7[kQy",
        "=<h6S",
        ">Q<nz",
        "E;\\,.",
        "4OnL!ZL",
        "InitializeCriticalSectionAndSpinCount",
        "(JMfK3[",
        "!(f|Fi",
        "40/ZQ",
        "*Jl0R",
        "e#8~}X",
        "rd+k,",
        "'aDlO",
        "hV8L2",
        "3Zl;*_w",
        "kx6c?9",
        "~e~U4",
        "E(\"J~O",
        "VQO>\\",
        "S`W6n",
        "es-co",
        "de-ch",
        "n?tO6A",
        "BtYm,",
        "dfngWB>O",
        "\\mLdQ",
        "Wq <I\"",
        "m;X4P",
        "[MzpK",
        "3*Kq%",
        "<ts3^",
        ",hQr#",
        "EKL0~",
        "BD\"Is$",
        "Fz,BCW",
        "J\"1P0",
        "HAAuGyI[",
        "P/gYgY",
        "NIf={",
        "p>1su/",
        "@WWPDaF",
        "<$7j|.",
        "@1dP7",
        "Q_6=h",
        "BG2}H",
        "X;v?4",
        "{G5c&J$",
        "Ib Ph",
        "pMWs<Y,",
        "JqFmD",
        "StringFileInfo",
        "(UfA~/",
        "\\SY J",
        "hd+5=",
        "nG4@F",
        "i;e1{",
        "Q(zCG",
        "T~$r,4",
        ";RuJ&",
        "{#;ge",
        "es-HN",
        "daUwe",
        "\\BqT=",
        "jh|*i",
        "@IF=~",
        "9xCsI",
        "Saturday",
        "FindClose",
        "G2HOh",
        "y3!Fw@",
        "`?G7-",
        ">;X&-",
        "Lkg[/",
        "hx_j\\",
        "_+>\\[",
        "6M*A+qX",
        "f+1T3&>$l%",
        "3E(Gx",
        "\\Em,`",
        "1/J)T&",
        "=|VTh",
        " SJ{RX",
        "dTTk;",
        "=-><>",
        "U^WNK",
        "`!;wl~lW",
        "~rP*t",
        "`n1dv",
        "8G}i\\",
        "M\"w<H",
        "3\\3x3",
        ",VT,y",
        " qSeb",
        "iEu1s",
        "VQs]Q&",
        "c+>C)",
        "BN8> ",
        "IX5$w",
        "$Am2{u",
        "8162A",
        "_PX-b",
        "_3)d!q",
        "K8e/q",
        "I(e/h",
        "+]-O.by",
        "`HvWW6",
        "[[=Fxf*\\",
        "P\"[P[",
        "v:4n\\",
        "A^jj&",
        "&}(Y7",
        "jjjjj",
        "S2IIL",
        "0'\"0W",
        "GF/?U",
        "35Bqu",
        "F\\?CT",
        "sS4X<Cd",
        "R)vG#",
        "w1uYI",
        "zU\"rw_/",
        "ut ,E",
        " je8h",
        "7?x@{",
        "eX/y[",
        "14ZR%",
        "M0>AMS",
        " Type Descriptor'",
        "w\"(3M",
        "p~)!f",
        ";0;>;r;",
        "AY^2gY",
        "+9%1HBj",
        "Ci_c^6",
        "(VJs0",
        "i#=_A",
        "sW-,& ",
        ";&K`$]c",
        ":<b_#%s",
        "Hw+?$",
        "8qX1[",
        "5|gn3",
        "\"All+9P@",
        "C-/t~",
        "#q!U-",
        "l<)qkn",
        "%FqO2",
        "bO_xY",
        "YBZ`~",
        ")v1;w@",
        "M{!p7",
        "SpYmUx?",
        "^!^oj",
        "eqjt.r1",
        "+u=QQ",
        "B;?9=\"^",
        "s3x4l",
        "K .ue",
        "p8aLV",
        "wg8^%",
        "C%l/G",
        "({<n:y",
        "p/:Z!i",
        "jGYf;",
        "GP;GTu",
        "B%fzx",
        "w?KZ9N",
        "!ZAK@",
        "+EzoB",
        "+:~{;",
        ",i7|O",
        "040904B0",
        ".y[`W",
        "q!s !",
        "P$Kd-",
        "!gQe9",
        ";I\"}T$[",
        ",?HvL",
        "9-,;t",
        "4M4w4",
        "7[Df8",
        "`local static thread guard'",
        " %IBB",
        "NVa`{",
        "ExpandEnvironmentStringsW",
        "Zo?i2T",
        "^8A [",
        "lpqY,",
        "bL@<g",
        "F8wl3",
        "lS\"/z",
        "1@1P1`1p1",
        ";,t_V",
        "0yBx?",
        "?c#|i",
        "d!1+0*",
        ">1?X?_?k?",
        "\\\\6e0T",
        "%DN}:9",
        "EQmY5",
        "lfI}y",
        "r] k0",
        ">Y3Cs&",
        "e^_f\"b",
        "w{<cL",
        "!?$?>5|",
        "`ieUe",
        ".$yRT",
        "z$Ua$5",
        "(u80t",
        "z4T__",
        "\\KVr?",
        "_LkCw",
        "w7O4ta",
        "Nzb76",
        "B;l02",
        "X_Tws",
        "_V7N3rK",
        "@!c<vN",
        "Y*%\"keK",
        "C*a3/}",
        "Y!A7t",
        "LbuC[",
        "5vgP1",
        "0U:!;",
        "d7,,r",
        "@swr,",
        "9:2Cq",
        "j0Xf;",
        "'D5L8",
        "qdb#e",
        "LKJYw",
        "Z `Tr",
        "g6Z7;",
        ";'NP1",
        "E2|P2^<",
        ">:ZI;",
        "u&LG_%",
        "m5!I{",
        "5\\\\i~",
        "!SnLT",
        "j@ziF",
        "O1!)Q",
        "DK@F3",
        "p__B&",
        "MQ,5?v",
        "#!(FR",
        "V7_QI",
        "rxWAR",
        "KH$N6",
        "WOzDDA",
        " }z:3",
        "\\5GK_",
        "c.\\\"Q",
        "v]s%$5",
        "|]:=2y&",
        "Q:/;D",
        "08%jJM",
        "V`V%L",
        "nHz~m=",
        "90~%&",
        "2$2,242<2D2L2T2\\2d2l2t2|2",
        "hr-BA",
        "Z?FWY",
        "&r\\)qfB",
        "TbjpO",
        "Z)l;6t]",
        "SZ}c(",
        "?a4g$",
        "Q]=sR",
        "}CH[#",
        "#gO6I",
        "IgdX\\d",
        "*)D4Y",
        "~:k_>",
        "C8`f_",
        "iYP:3w",
        "F-QK!p",
        "\\*Aco",
        "@+<me",
        "AgsdQ",
        "2GPn\\",
        "9&8_i",
        "n=%Q[",
        "GtE)'",
        "NT),@Oc",
        "LGT-&",
        "skWDh",
        "CreateDirectoryW",
        "sv/^Y",
        "}tc0{Q",
        "L%h9!",
        ".-jvk",
        ">[bF#",
        "MLh0-",
        "z9Pia",
        "DN-)4",
        "\"YvRQ",
        "FcF85",
        "`k/Qt",
        "1_ z0",
        "[?ngl",
        "3<Mpc",
        "fYqY2]{",
        "E?7we",
        "Yu=BM",
        "Ug5?c",
        "!+U(k",
        "bLY=&C",
        "R6v>P",
        "HP1Z/",
        "N4CUDMNO",
        "4hYKv0",
        "th-TH",
        "NLV J8)",
        ">L?`?",
        "h:L$0N",
        "h8.7#",
        "$o@}7",
        "W!>z*",
        "k5+-#",
        "Y`/\\\"",
        "n_|+0",
        "e,WzR",
        "DNLA=",
        "HkG<m",
        "y)*au",
        "@0{dk",
        "8e\\~:",
        "B[o(_",
        "dCi*-",
        "KDEpG",
        "Z}Int",
        "l}`Mc",
        "SD)6v",
        "Choose Directory For Extracted Files",
        "CryptGenRandom",
        "CXb}:wk",
        ")di[u?.",
        "s`6~K",
        ":OGTG$HJ",
        "\\58XR",
        "GetComputerNameW",
        "KB@]#@",
        "uMrC0T",
        "+2,R,",
        "?czQ=",
        "o[t<cW",
        "IH9O^K",
        "!x%\\z",
        ">&]$Z",
        "vr*)d*",
        "%'oY\"`",
        "O[iQ7",
        "p0OK;",
        "UqWJM=5",
        "SjKE$U=",
        "j\":+WFh",
        "V1<Ch",
        "O_yP{",
        "q[Ebh",
        "U?4|c\"",
        "_$AD\"",
        "?O-)Az",
        "`)]eD",
        "'L7mL",
        "7'~Q~",
        "3:#-I>",
        "OT~/6",
        "9S0]p",
        "^ieJS",
        "+78\"+",
        "D=k]C",
        "+LRw0V",
        "9BYm~",
        "TM\\}0",
        "0VSw`:",
        "]{ZOA",
        "F=!A3",
        "0Q\\%L",
        "?mW6W",
        "Aoq]`",
        "8j=@\"",
        "nn(?f",
        "/P/gp",
        "KyAJ6~sf",
        "#W'0z",
        "=wp@e",
        "=*;9(",
        "D(\\p$",
        "8J9hKb",
        "gmst_&I",
        "4Hg~>op",
        "kD~+Mu",
        ".cOfv",
        ")(qShkd",
        "HN&cw",
        "`_Esg",
        "9 9S9",
        "B*qr+ ]",
        ";xzid",
        "':UF~k5",
        "$h5?'T",
        "f3GGj",
        "t32OWX",
        "R>I/-0",
        "X2!V[",
        "If#w6",
        "%c`d9",
        "Dm| \"]",
        "Rbh!Q1",
        "XkyRw",
        "6\\.&,",
        "'342j",
        "cTF4uMF",
        "75dMxi",
        "JtJelc-",
        "idnvs",
        "\"<v6?O",
        "IK.*n}l",
        "7@Qjg",
        "d+TbW",
        "]I`\"UC",
        "\\9$Lt.",
        "[bdkV",
        ";DX\"0",
        "A=4mh",
        "SP'^-",
        "Csz:t",
        "*,U%.",
        "S%jOIo",
        "\\)+*;",
        "Cr4Z%gC",
        "53>2A-",
        "\\?y(g",
        "\"lWzb",
        "K;JrO",
        "+|4XE",
        "5B{7)",
        ">/V1*",
        "9B,t@",
        "ZIleA",
        "-B# H=",
        "q FHl",
        "FQ)3v=+",
        "\"#GdY",
        "(e2a^",
        "Npl-)",
        "rN{}C_e",
        "vevhp}O<",
        "\"vQES",
        "Failed to set dll search path to Windows system directory.",
        "Gq`,~",
        "'+q<3",
        "M$Oj9",
        "}nvc2?",
        "qP2/}D",
        "=Zt81",
        "\"msR0",
        "/c|f,",
        "w^y-x",
        "zG(9S",
        "a1`wR",
        "a-ri\\",
        "$+9bn",
        "W-,]|-m",
        "ND$Jo",
        "KO L\"c",
        "gmy|\\f",
        ":lru.E$",
        "FcYW!",
        "(~*v~",
        "+<tZ]@",
        "PD}Kwr",
        "`~sc+Cys",
        "PFvkn+",
        "(N]&%",
        "o9&f. ",
        "B';RH",
        "U7dPh",
        "[qy2<",
        "Fpi|k",
        "$dLYH",
        "Z\\88j",
        "]-}94",
        "i8~IeXIT^#L",
        "YgMpC",
        "sGrGi<f",
        "v8W!R",
        "1e>bHCMj=3",
        ".rtc$TAA",
        "M>u3;g",
        "nl-nl",
        "L\"\\Nze3",
        "+,#MY",
        "E8]&I",
        "r['gV",
        "K$1JI",
        "6_%=#D",
        "7efu|",
        "g5pw)",
        "6Us9I+cR",
        "/{3nMA",
        "8.cQ~",
        "07`RP[",
        "mIGx>2",
        "\\bP}Nx",
        "?Qpw^",
        "[r{V[",
        ",X4>}",
        "\"mZ`ND",
        "J,iPm",
        "kZ`/g(D",
        "!Xv;V",
        "Ra%{D,",
        "A4R>{",
        "Bk#\\w]]7",
        "r875Z",
        "  _\"(",
        ":gLmR",
        "Pj_DK",
        "9{(~s",
        ">@Xnn",
        "&D<e-",
        "CNc2eqB4-",
        " \\V2D",
        "2=5cGT",
        "\\5539",
        "J]:zm",
        "EEDDw",
        "-x64.cab",
        ":@R20",
        "`vcF.",
        "_PmNOg",
        "=FB`h",
        "kViMe",
        "rO`S44",
        ",}t5+",
        "?%?6?",
        "=_#xzi",
        "wy\\gZ_",
        "H cza~",
        "*Dm_h",
        "gCDoq",
        "cIL=&",
        "AKamPmI",
        "\\V\\rd",
        "%e-M@",
        "xOeSf",
        "khXZlU",
        "$eO/A",
        "k=SCj",
        "lNnX]",
        "Failed to realloc cleanup list buffer",
        " iH?o8Jkx",
        "Mzy:f",
        "7./?t",
        "K_>G2R",
        "%lI#N",
        "x&7u)",
        "C86=_",
        "tF>Y#",
        "x3YR#",
        "se-SE",
        "Wwhz0",
        ":9vA[F8D",
        "pG#m_:Q",
        "Wy\"t5'f",
        "u2;*C",
        "dc~O8",
        "af9&[",
        "j:Xf;",
        " O !U,",
        "\\Y'Pl+B",
        "g{l~M",
        "W[kh]",
        "|$PR@",
        "gyjJa",
        "IWHN2'",
        "JsCtE([",
        " \"+82C",
        "<#gE3L",
        "O\"lx=",
        "R;Ga*",
        "y{s v",
        "`'CD*E",
        "t;=2-",
        "!jfQ|",
        "P!:Z$(!",
        "IDATc",
        "!m9e!B!",
        "Knh*6",
        "t\"3g\"",
        ".aM'F",
        "jfa31",
        "m8}EeUy",
        "#^+aZW(",
        "ij,Te",
        ";]#q#",
        "F<ZbX",
        "H,Jqv:",
        "^n{9t",
        "MKFY{",
        "MtP:q,",
        "Qzeo?",
        "-?PQq",
        "y3FN4",
        "%v$dV*F",
        "K.i$}",
        "^LuZMs",
        "5|,)?",
        "I(urvXj",
        "0s_ai",
        "vs_bootstrapper_d15\\vs_setup_bootstrapper.exe %_SFX_CAB_EXE_PARAMETERS%",
        "As%>}",
        "\"YVmF",
        "Z< Q6",
        "6Oj-L",
        "01KLHpP",
        "[!s`S",
        "2>uTz",
        "\"!a.v",
        "?w3vV",
        "w@]aUA{P",
        "C*W\\A",
        "J|n4(",
        "X]tDo*:dE",
        "ZvX(>",
        "9':<:E:N:r=",
        "S%yjz",
        "^Gx!|",
        "}L2:j",
        "D8PIe?",
        "D,8;Ku",
        "rC :7",
        "r6f;u",
        "@LTwwn^@",
        "wL*K)",
        "95:TB[",
        "}/?\\N",
        "z5=hl",
        "cC$a[",
        "ryElP.Jq",
        ".CRT$XIAA",
        "2=<\\O",
        "%.\\Q6xs",
        "=SbhJ",
        "jzX#v",
        "DZ5sT",
        "NII,|",
        ":OE%iM",
        "O=:0aV",
        "JY=KR",
        "~0#a>",
        "\"3bU\",",
        "gS7#g",
        "s~HM'",
        "!TBLf",
        "i8xqu",
        "@,0R0pk",
        "ms-MY",
        "Sunday",
        "+L7/?!",
        "wKG[iE",
        "N.T,\"",
        "/Q]y'8",
        "@i0sTCwj",
        "1ksTc",
        "\"?Bs>K",
        "J\\&[T",
        "v[M~G2_",
        ">ypxe",
        ".CRT$XCZ",
        "sF'',",
        "zxw<2u",
        "1&101",
        "0VZS4",
        "WV=nd",
        "A[Wz{",
        "N_JcQP",
        "Hp0%,",
        "_}Ge8",
        "BUegA",
        " ,+DTIi",
        "i5]rm1+P",
        ";qU%=",
        "KlA:r",
        "!Ob;B:Fq",
        "N4d*kl",
        "n8eze%Y",
        "O];^u",
        "^%KR+f",
        "8p/*G",
        "61baO+",
        ".,(/5",
        "\\5'Nh9zz4/",
        ",I&a2",
        "!0@<&",
        "@DyC\\",
        "tR9$d",
        "a=}3S",
        "W6K b",
        "]nX*v",
        "?!ohe",
        "J.>GbX1",
        "vo4R0",
        "7kE0a",
        "4,!6U",
        "gtr;\"c$(",
        "pd;]$",
        "U/:yVA",
        "4)4M4_4{4",
        "dd,&3",
        "'A%pue9R",
        "m.N>L",
        "%|*ie",
        "i: s1/",
        "|M}&G",
        "RWPQj",
        "+WSez=",
        "K)SuJ",
        "Qm]rN",
        "b}qP^",
        ":-nr=",
        "b9MZg`",
        "m*4*tv",
        "WGpop",
        "'UjAL",
        "A9<#c",
        ",n:8i6",
        "yfH-A",
        "pU9CQ",
        "-N5|j",
        "he-il",
        "TN;n,",
        "'pEOv",
        "EfQa]",
        "nhR*e",
        "j\"[VWWWW",
        "}&=Q%",
        "0~B\\Js",
        ",01ZO",
        "~rJE7",
        "3]O >D",
        "U0wJn",
        ",oZh/%*s/",
        "a')6/",
        "(.\"<'9",
        "_CE*x",
        "ck;J[",
        "Jfr-q[",
        "kJ|5K",
        "66x_.",
        "sma-se",
        "^&-i97",
        "_Ukc&",
        "^jDvj6",
        "<,'ws",
        "da-dk",
        "KB[6~",
        "519KZ",
        "FT|hs",
        "JW xku",
        "*<c&k",
        "DC-5ym+",
        "BbPX?2",
        "z_W%!G}O",
        "()>$w",
        ":wb?U8e",
        "VfUk :",
        "a_|$:=",
        "\"Zu~RM",
        "`PVlF;]",
        ")~]ez",
        "Jp;cBS6",
        "g&$ms",
        "@(VGC",
        "~(RQ8S",
        "U|zuS",
        "7;[%q_",
        "MS(EQ",
        ";/Y$?",
        "]Q>L=",
        "O#zoD<x",
        "0<0D0L0T0\\0h0",
        "A7Lfn8",
        "2p.{b",
        "f/hA[-",
        "\"89H1",
        "ltwHu",
        "A0F1~w",
        "+crNObM",
        "Rw3/m",
        "U7ekM",
        "ubH.us0",
        "cIc`a*s03bT",
        "k62U_%",
        "?zT&p`",
        "qQ,CF",
        "@GEAB",
        ")]Ol\\",
        "GetProcessId",
        "0r:%q",
        "^.UC#",
        "SleepConditionVariableCS",
        "b[ v=}",
        "Zo@l|Lb",
        "80(yiI",
        "(j1B4",
        "tHK-Abn",
        "!M7nv",
        "jQU\\5NZ",
        "n7c9bt",
        "Pgk#=",
        "H#+37?/A",
        "^qicz",
        "|WGh#2",
        "c.Q$h",
        "+\"O)W0v",
        "}.rR/",
        "9%R?/",
        "7`'lM",
        ")nYR!,",
        "GI#N!Y",
        "J1Kvd",
        "|x_6]",
        "0wG0.",
        "w2)*s",
        "VqW}Y",
        "U9HX5",
        "bad allocation",
        "user32.dll",
        "standard",
        "L]'$:",
        " Lbtn",
        "8^PV*{",
        "{gb!nKm",
        "yN\\be#%",
        "qVAWA",
        "rOl>(",
        "lUem&",
        "~)H_6",
        ">>LFr-",
        "?\\.b#",
        "e>0xa",
        ".sYxPR",
        "}O:]Oy",
        "tb9^4~]",
        "v#2_)",
        "J`W1h]+",
        "Y-N=A{",
        "3y/?>",
        "m*^)K",
        "vEmoH`",
        "gq<tnWY",
        "_S{M}",
        "8FhG5>",
        "EF;WT.",
        "AN(Yp",
        "/[3YqT/ ",
        "hJ+X<",
        "9!0*<M",
        "kk-KZ",
        "rJ**x",
        "Ov3^g",
        ")M.[t",
        "6Zjc_",
        "e(SVf",
        "tPk]}",
        "nShield TSS ESN:9200-05E0-D9471%0#",
        "d+4QBu",
        "2M|IcT",
        "?W^>v",
        "ln43G",
        "MMh %",
        "Cc!?v",
        "=:cgB",
        "NY=6J",
        "l9Fig",
        "i<tN/",
        "2R57I",
        "bx=j!",
        "A:rTj",
        ";?Q[x%!",
        "wNtsH",
        "B~B nd",
        "<j7(g`",
        ";K21'",
        ";o\"oO",
        "o?-#w",
        "k3xRb",
        "F4Y_|",
        "PQQVW",
        "(2\"<uW",
        "eoP\"}",
        "\\Tw{g\\",
        "TLt_&",
        ",DJ`+",
        "K<e'md",
        "\\MAM4H?-D",
        "Kkx80",
        "J.O,'",
        ",@zU`",
        "?66F\\",
        "pq>MT",
        "T)V*~aL",
        "a,d\"{",
        "*i<\\f",
        "p9B2TvKq",
        "Oo<7}~Y",
        "GGFWj",
        "t[7G,",
        "d*V/9",
        ";4;8;@;H;P;T;\\;p;x;",
        "U.@kP",
        "xdvXS",
        "|*M'3",
        "Jp;hq",
        "@utfB:x",
        "&-*$0Y<N",
        "gFOov/\"",
        "[{Uv\"<+",
        "v=57D",
        ":u'8X",
        "A<eM/#y",
        "r.Ehn",
        "<Yw%o",
        "pvXTT",
        "sure that the folder in which this application was downloaded is",
        "ld01t",
        ";^Vcxf",
        "|?.io",
        "LocalFileTimeToFileTime",
        "\\r5f$5",
        "QueryPerformanceCounter",
        "O@x`1v",
        "gdP'[@mZ",
        "xOlL)",
        "&pqN'~uO",
        "3#PkW",
        "P|7jD",
        "`managed vector destructor iterator'",
        "NSvL8",
        ":qi;;",
        "wE<5l",
        "Gc!zPOo",
        "'s4Zb",
        "a4HHx;",
        "&\"_l[",
        "+9fJL",
        "DQ=la",
        "+;2@&",
        "P#S7J_",
        "^%`\\P-",
        ".fCSF",
        "T*h/)",
        "!'Y#C@Q",
        "NyQKr",
        "$(1(Z",
        "}qv4'",
        "O)|#:",
        "mVz:{^j",
        "VbC(Gt(U",
        "]Go{=",
        "D,i),",
        "HmwRu@",
        "aS'(nk",
        "=rkl4}:",
        "S;nUY",
        "LNDI90",
        "GW4.m",
        "3hqe8#",
        "%Tq%RbE",
        "&H;R*",
        "&Hs4y",
        "fmZr=",
        "m|E\"_",
        "FYcrf8",
        "URPQQh",
        "Y*iR8iV*c",
        "OS:%m",
        "log10",
        "G5[%ce",
        "]Hk! !5m",
        "k]Z)n",
        "R`$/V",
        "qN,${",
        "m#fk&7",
        "uz-UZ-Cyrl",
        "Xfe*{",
        "11181",
        "ev[/r}",
        "\\[BW$",
        "B[H`h",
        "TQhbj@",
        "``hE%",
        "lq>s3OC",
        "\"_HDP",
        "_SY:g",
        "r2G0da@",
        "LF*f\"",
        "f-:pg",
        "6GYVI",
        "3PMk(]J",
        "oZh:Y",
        "g4In=",
        "|WD]-",
        "?i[cf",
        "QQQQQ",
        "RA\\7k",
        "LhV5O",
        "omKgl6pb",
        "V)tiz",
        "K:0Zo",
        "apct-q",
        "ar-qa",
        "<Xf`c",
        "SetFilePointer",
        "PvD;)m",
        "R?\\C`N",
        "Lv&iQ",
        "w0&XXP",
        "~uWR;:",
        "MeB;b",
        "s[$X0",
        "lTp*:",
        "R=>~x",
        "Q!L0ot'2",
        "8M]HSjx",
        "n$v74",
        "H%x+E",
        "*bu3wT",
        "#n6ib>#;",
        "Z[`hz>",
        "CRVrm}",
        "[ze}3)3",
        ":P.hx",
        "DGG`R6",
        "@[Szb",
        "c7~na(",
        " Bgpw",
        "<&:sm",
        "*gX4zP",
        "G;ndX",
        "Y2![R",
        "o`&<#t",
        "9E WW",
        "o<> m",
        "TWMB\"",
        "DtEVW",
        "jS8K%",
        "ImZh4%)",
        "ca-ES",
        "yP?(~4mS",
        "4Q?by",
        "1TveO",
        "O573P",
        "CvLR?",
        "WHyn:HO",
        "WMvY*^",
        "'bG{hw|",
        "S3~l#b\"",
        "n#)w+>",
        "BXd5fT'",
        "Txxe7",
        "ek:el",
        "C!(=7z",
        "=f|cd",
        "IcLG-",
        "2!2}2",
        "bt}sX",
        "Iou&{.",
        "cY\\&*o",
        "6cVuV",
        "$Nwz,",
        "hKcJ/",
        "rGgGc{",
        "_Q(TJJDSc",
        "ns-ZA",
        "-!)#qz",
        "K1V\"Ze|",
        "T\\=%s",
        "acAv4",
        "t^lRD",
        "D-,Jxn",
        "Vc'zMy",
        "+WR;js_y57",
        "JSe&9",
        "9ay7h#",
        "sVVBbZF",
        "sS;;+",
        "{xY:I",
        "y)$uI",
        "v+]|7",
        "<yk-r",
        "gbX,*",
        "8<E&mu",
        "d\"K]nJ",
        "BHV$K",
        "ckCVDv",
        "/#a\"bh",
        "r{1oj3",
        "@j1JV8t",
        "f),GaH",
        "6.:'1?f",
        "%f&?G3",
        "o*#y2",
        "sy?A9",
        "+6<S|",
        "=n=oU",
        "[\"jG,",
        "e$y!=E",
        "58FK9",
        "O:{$a",
        "Q7qGv",
        "kKPc-^V",
        "vI5gbW",
        "`4mmu",
        "%{z0pA\"f",
        "cN\"QB",
        ">\"3-g",
        "D4{&=",
        "<l^&n",
        "e{(LG",
        "7qi{p",
        "z<<yO",
        "oL|$=^L",
        "4%cFE:b",
        "\"CMa ",
        "'WGa\"?QXW",
        "+72W)!",
        "4K[B:X",
        "}?+,2",
        "or:xa",
        "[/Z:w",
        "@{|VY",
        "9YX~!",
        "y=Z,@Q\\",
        "5wK8-",
        "y(7?IN",
        "-x<%%",
        "h]W =",
        "Avz/S",
        "nBtl~",
        "`dM}st",
        "&/32^",
        "3i3|4",
        "&t)&e",
        "&tQC5",
        "RDV/=h",
        "3Bzr(",
        "V\"`WQ",
        "es-do",
        "cC\"_b$",
        "T%7'N<",
        "a[E,l",
        "VbP2l",
        "I7i,\\",
        "iXy|Z",
        "+,r(q",
        "Bd[sB",
        "R*>F\"",
        "%#~%|",
        "`I[hj",
        "152A2^3e3",
        "aIYqV",
        "Efi0(",
        "Sy@\\h<Bn",
        "1>_Wi",
        "|4b d",
        "iY~LQ}",
        "_%_9o",
        "2\\\\LF",
        "1.d?-~",
        "n:7aFF",
        "N?5}L",
        "Kq]g$",
        "%/'Bl,B",
        "f\\Dc)7",
        "@api-ms-win-core-fibers-l1-1-1",
        "31H~5",
        "?t6h,",
        ".rtc$IAA",
        "[j4J*",
        "}1_|Km",
        "A8 `Y",
        "E?4d`m",
        "p=$(J",
        "l_P=Jz#",
        "DwbVvc",
        "CVK&p",
        "%+PI6",
        "_6H`)S*",
        "qChqe GmG4",
        "{)4~_",
        "[k7x,",
        "o(R<OY",
        "S BUad",
        "\\/GC'P",
        "r(q>v&g",
        "$|;v.",
        "KxP_X",
        "FreeEnvironmentStringsW",
        "RIDQC",
        "sB2fp",
        "F!Ry{;",
        "&&-zy",
        "_?z[l",
        "qKV|-",
        ":nmyCf",
        "va%Qm",
        "'KWF8",
        "5$5,545<5D5L5T5\\5d5l5t5|5",
        "Y^-\\;",
        "3ATN)",
        "mj|8H",
        "ORhD#!(j",
        "s`!MT",
        "U=W0Pr",
        "2eR2W",
        "2R3Y3r3",
        "Oj%t-",
        "VIhW{b",
        "SJ1n@",
        "`|`4)",
        "Ou@~B",
        "-AT{u",
        "y{Mvc",
        "d)#hf",
        ">JL|z",
        "VF-mf",
        "%fNy-P",
        "3@yFyy",
        "Failed to stop reporting progress",
        "2#h!,(",
        "4H[~a",
        "QlX1'",
        "*,3f(&",
        "8UG@VU",
        "8|\\`}",
        "zF[2J}_4}",
        "AspbnM21",
        "kF8DII",
        "%0DY/",
        "/jfv?'",
        "v]j>3F",
        "{28`n",
        "ZKmWp",
        "\\k{&3Q",
        ":8=Cz",
        "x\"'Jl",
        "l]$kku",
        "FH'I9",
        "D{.kA",
        "KVH!M",
        ".4 u2",
        "%|$NIt",
        "\"7fD~",
        "GetFileType",
        "4Xm}a8",
        ">^l(\\",
        "puOLV'",
        "m'Y`x",
        "VVK-x",
        "dODT`",
        "`eh vector destructor iterator'",
        "Ss@Y`",
        "monyB",
        "Htq/b^",
        "a}UB6!",
        ";S(}J",
        "yEg2,d",
        "_Pm(B",
        "GDPu:",
        "A~*PKW",
        "a7g1G}",
        "a4@!>{",
        "J\\qkFh",
        "Iu'td",
        "BkZ\"gS",
        "T9QY1",
        "]`\\ ]",
        "Failed to set __COMPAT_LAYER",
        "4@K>(",
        "~fTg&",
        ")~8j>",
        "3@SQ2",
        "q*wDV",
        ":f~.F",
        "Dec|LM",
        "rWd\"`",
        "210rQ",
        "rH:-N",
        "&P4]-^",
        "^9&bBH",
        "V7WcF",
        "vR^$/",
        "11`Eg1",
        "Yvdoo",
        "S^\\ g",
        "mBv{t",
        "^qU.=t",
        ">kfhU8",
        "}wfns",
        "iL4WO(",
        "tB<z6\"",
        "Uxwa_GA",
        "{&sI(",
        "!Hdp](",
        "|mRc8C",
        "@Kz2-",
        "de-de",
        "Q6JPJ5",
        "30'po",
        ",$.+&",
        "wuy^Y",
        "mKX!H",
        "J3@v<",
        "2^oj>",
        "FS4>(q",
        "&JY`61",
        "xA-8\"bS",
        "OU_:(",
        "4\"Y(I",
        "6(h9O",
        "D|H&a",
        "%*K-2",
        "G`Ss00",
        "+n2/2",
        "F\"[#\\",
        "FEt\"b",
        "5'B%4",
        "j$&i&+",
        ";[?[B",
        "{UWen",
        "kd gu",
        "Tb'l^4",
        "q 4q'BK",
        "?S2c3",
        ".T$5kWHt",
        "NYn\"d_",
        "3UsE]",
        "'G.q'T",
        "<\"6.7F ,ATU",
        "(F+&G",
        "=dYgD",
        ",;45-",
        ".edata",
        "OW^&<R",
        ")a#o]",
        "`0k2J",
        "pF|lL",
        "0+191P1",
        "dp+^]",
        ";EZ.&",
        "Y5ovk",
        "IXit^",
        "LU\\sJ",
        "_nextafter",
        "[[id-oo",
        "M5}+<",
        "8@ME7",
        "&|J9.",
        "g>yCQr7",
        "|Ps}K",
        "t~%\"/",
        "H>~Gjt",
        "=xvb^",
        "q*w!e",
        "ar-SA",
        "2sgEP",
        "]K;+@",
        "PRnaw",
        "_;z0`",
        "0D_L_",
        "II\\LE",
        " [yZi",
        "%$(pW=",
        "oe\\?*",
        ">.Wb5",
        "Z9=Og",
        "4gg8`",
        "@)yI$D",
        " %1+\"",
        "sVn][b",
        "\"xQT6)",
        "|&d-f",
        ">KR\"k",
        "DYBt`",
        "?]+kgW",
        "%G{OR",
        "r*f;u",
        "O5qZRn",
        "~z ^[",
        "IWkKbz",
        "C/0vH",
        "fd9dz",
        "8snim",
        "diR:P",
        "/)8-Y",
        "pU=AE",
        "T:>Z2",
        "U@Vvp2",
        "s#Z`I$",
        "6|iY!",
        "9RXN3",
        "Th DS",
        "1#[v8",
        "'e^fL",
        "D?V1[",
        "BS VWv",
        "h<Mrv",
        "/8kW7",
        "N68Ad",
        "v19JG",
        "!_y_,",
        "NS;4y",
        "Y3%S]F",
        "!-;Z==",
        ".tq/^",
        "STS+C",
        "qWsNT",
        "m%G]2D",
        "4NR[V",
        "fU.By3",
        "IG:0C",
        "e!{%(I",
        "dgQig",
        "`!)+<",
        "wc?[NdS",
        "<O'j~",
        "?:}ol",
        "$e3Zb",
        "9Ifj9",
        "2^QrK",
        "K&v_3-",
        "^PQQQQQ",
        "U\"@bBe",
        "L*:@+G",
        "_s}=c_",
        "\\xl94t",
        "layout",
        "SetEnvironmentVariableW",
        "q`QJEH",
        "`3f;[j",
        "xh-ZA",
        " m(I\\",
        " vxT7",
        "%5rX.",
        "9E4$Hu",
        "/=I4e",
        "kWs(S",
        "/X7e>",
        "ijsI4",
        "^QXv]_>",
        "et1EZ",
        "q[HDj",
        "v\\DkW",
        "(}BkX",
        "3_Hi.W",
        "?[0+{",
        "The application cannot find one of its required files, possibly",
        "'0j{O",
        "3X,1s",
        "{kpq{",
        "O(D:N-",
        "scPBM5n",
        "4(`D^c",
        "M:Mk{",
        "oz6af)",
        "@=5iI",
        "5<+zG",
        "\",IPd",
        "]-\"[k",
        ":,:4:<:D:P:t:|:",
        "qtPgq[",
        "?`Nw5",
        ":%z-'",
        "v \\71",
        "8%878I8",
        "C~):U",
        "$a)S&",
        "G.c%u$",
        "aEHP<",
        "]=g%yBwa",
        "ZJE0P8jS",
        "A||%\\.nc/",
        "*{FM#n",
        "ar-MA",
        "S> k<",
        ";\"T.A)",
        "dHQ%;",
        "~Mw0\\",
        "U$F\":",
        "sk-sk",
        "p4%pn",
        "'HYGN",
        "1#INF",
        "<0<7<_<g<t<}<",
        "`eh vector vbase copy constructor iterator'",
        "y~eEL",
        "A}d{B~@",
        "ss]za",
        " @50,o",
        "0(p[4",
        "JTx,x",
        "Swap2",
        "@\\96R\"",
        "7_~~'",
        "_?@cj",
        "&8M#A@",
        "LN n`i9",
        "2aJ?R|g",
        "`+D_}",
        "k;pdCi",
        "/sXg)",
        "UNj2Zl",
        "<ir8]",
        "N!P1Oo",
        "__clrcall",
        "4`}_G",
        "6-'//z",
        "^C!d>",
        "%XXAv5`Y",
        "B$Tvt=o",
        "Yhk{A",
        "+r}<-",
        "?fhu4@",
        "\"ta0z",
        "GetOEMCP",
        "l\"|nDk",
        "ME</A",
        "hi-IN",
        "x:8cS~",
        "*}]lZ",
        "; m*;2[",
        "\\iJ|XV",
        "(hQvk@",
        "a*~2;",
        "b_l](",
        "D.]0v;2?",
        "K=b6.",
        "=C{x;",
        "pd/L%7=",
        "h72d7",
        "+q]}F",
        "7\"7-777T7",
        "7LHHh",
        "98[vD",
        "K3bMK",
        "[)drFF",
        "mh[)(",
        "PdEI%",
        "[X0o4",
        "srCk`",
        "xAJJBX",
        "7XCC,",
        ">=-mA",
        "DeleteFileW",
        "[=`vgQC",
        "?N:}]",
        "oWtM4",
        "4-x+(5",
        "q{!!g\"",
        "                          ",
        ":_w$H",
        "zU;!d/",
        "&9[`n",
        "ar-AE",
        "Z{K_z",
        "*wS])",
        "I7_M%$",
        "L L;q",
        "[C`MA1",
        "iz*&2",
        "d*hJf",
        "}WKi]-",
        "*prQ]",
        "Xao\"n",
        "={HO3>",
        "]7FPT",
        "dRiJPr(3.",
        "&9116S",
        "f44>L",
        "quhR~|",
        ";i@75",
        "&%rq}",
        "!4#,ED+",
        "IDQ[/",
        "{n7'f",
        "Rrw<X",
        "/3)h?",
        "4AwQM",
        ":[kT{)c",
        "u_wUcl",
        "mH1-l;",
        "+ypEJ",
        "hB%5(",
        "4(4^4",
        "c+Pgc",
        "Ur:1?",
        "Vio\"K",
        "&./pQ",
        "7yVh3",
        "E&E1'",
        "gfb=^!",
        "wKnt[",
        "OF;o $",
        "yla&E",
        "WA_`MAh",
        "KnmA5",
        "j-Yf9",
        "p0k*^*",
        "|bt%z",
        "ZTh1[",
        "76Oga",
        "s'(zE",
        "WF8cf-",
        "BRkNw0",
        "=== Logging stopped: %S ===",
        "PCRS4",
        "smn-fi",
        "VLbCE[",
        "ZlBR ",
        "_v7:n",
        "!I:6l",
        ",y*$*",
        "tP(~j0",
        "FreeLibraryAndExitThread",
        "A|!0`vq",
        "P$Q5`",
        "I{;`'Pu",
        "@%&E5$%",
        "/0]W~",
        "3<n;z",
        "7%{M'",
        "+@CM}Y",
        "GQDCFj",
        ".}w|-",
        "ia's1",
        "uMmL(",
        "@b;zO]",
        "\"@HZ;Ac",
        "EmSn@",
        "8VO[IGi{q",
        "!QE=/",
        ";:m7_:m~i ",
        "X+%mt?P}",
        "STyuD",
        "C1uj7z",
        "kdI7Z)",
        "h@'d;N",
        "A.iqR",
        "W{{F<",
        ".UgeV",
        "<veq:",
        "Mv\"$b6",
        "6:DSN",
        "`J'/RE",
        "gN3@qb",
        "~{Gn[\")6*N",
        "eTC[z8",
        "\\G;g0",
        "8yx{2",
        "Wt!*o",
        "CClKh",
        "Pc|JZ",
        "!lKEw",
        "y!*gc",
        "<'ez^",
        "z>1'C",
        "=Gj%Z",
        ".w8XM",
        "H;LU5",
        "qEQ@j)",
        "DTI=K",
        "rCKaw;",
        "%Yt%V",
        "uu([R}5",
        "VC/hi",
        "T39}t",
        "hKa*$",
        "Swap4",
        "$}=+kg",
        "W4l~>",
        "K1%ws",
        "*tD=+",
        "~K!v-vC",
        "mh+J0",
        "Sx`-c2Z",
        "!vJ5F",
        "JY&Rv",
        ",6<{L",
        "JQ'oO",
        "]/w>j",
        "I5%j_",
        "A&?}E",
        "7E(aS?x",
        "hu-hu",
        "C@{(:",
        "DDyj>",
        "R&T!$D",
        ".didat$5",
        " F5)Q",
        "9N,_y",
        "Lxq4X",
        "M|\"?`3",
        "Y0W0U",
        "zPn@\"D",
        "Wx=+h",
        "JS\\x3",
        "U5'wz",
        "(*}oU",
        "Bnq2i",
        "p(oGH",
        "Y1aK-",
        "HBJo0",
        "9QQfI",
        "DZLg\"",
        ".?AUCInBufferException@@",
        "bkf~-",
        "zeP$d",
        "gosdj",
        "LN*4KF",
        "=OEKk",
        ")Q)KEw",
        "TuSb}",
        "Gy&yf(j",
        ". 3)\\=+",
        "=CC^W",
        ")PBjz",
        "h8z'+",
        "3\\Mu[}r",
        "Gkp,x",
        ">uI{u",
        "S\"g*;",
        "wH{ftRF`",
        "J{6op",
        "g@YK7",
        "s\\UN2",
        "^bf]v",
        "f^{C.y`XU",
        "lp;dEa",
        "W!6-Z?4",
        "RRqZ3i~",
        "nEWvD",
        "Wjl8O",
        "gu<l;R",
        "~8c%q",
        "-b0&T",
        "S[{KA1",
        "k-9;W|",
        "api-ms-win-security-systemfunctions-l1-1-0",
        "u`:G,",
        "4S;di@",
        "e<|[u9",
        "N1/S9",
        ";(n~/",
        "%;-mM",
        "b!#a4",
        "!:Byf",
        "GWQYlJ",
        "@11Ia`",
        "oTO\" \\T",
        "t4xal",
        ",>O!=",
        "([U]O",
        "DwrY8;",
        "RP;0*",
        "P:6)Oq*l",
        "u@#M$,",
        "G;{0|",
        "/3>BY",
        "i<.(2}",
        ",cH]5o",
        "FoGs%",
        ":SBYs",
        "0=.q~`8",
        "Cs1zO",
        "&76uL",
        "VAf#A",
        "8zZA:a",
        "=jtn=:=",
        "e*mNk",
        "RRP'<",
        "/~+|B",
        "QZ[O7F",
        ")d+_y",
        "OcZiK8",
        "c}[`u",
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
        "Microsoft America Operations1'0%",
        "uz-uz-cyrl",
        "V\\^Dm",
        "MHNP6",
        "^%s}#",
        ":22K5",
        "nm(j8(",
        "3[3`3d3h3l3+6",
        "RQ'YZ*Z",
        "Qd%m1QQ",
        "NC293",
        "f#hzM",
        "FNoo&>",
        "2B^&z;",
        ",e?`|",
        "MyHB'O",
        "N*`Ef",
        "J_{h1<",
        "WZ5BBr",
        "#&_ ,",
        "`\"|\"]",
        "Wzj*ftD",
        "-x86.cab",
        "M8=C=w",
        "pq9Ik",
        "X#uX7nf<",
        "Microsoft Time-Stamp Service",
        "$km4^i",
        "P'CcB",
        "H;8_/^|",
        "hfqWb",
        "~F|G5e",
        "B?TWwlY",
        "XN,mj",
        "A<Up|",
        "#.X'=",
        "b>BO<",
        "9K46=",
        "pN1[d.",
        "=?!Uz[",
        "\"/Egy",
        "qf='ZJ",
        "$xHuz",
        "236Hy|",
        "m:TJY\\p",
        "el171Y",
        "@:E%5",
        "C~s>8",
        "D\\`8A",
        "R,(c-d",
        "7Vp5\"",
        "K$o_9E&j",
        "p%q\"O",
        "*YW*A",
        "KusId~",
        "IsDebuggerPresent",
        "+GCVE",
        "PK0>~",
        "_JR1]s",
        "3J-!3",
        "9G0uc",
        " >sYB",
        "x:%V9",
        "iEhu*3",
        "R.8B6",
        "_wL'/Jou",
        "W\"33C",
        "5wg;PN",
        "!Ux+<",
        "WBaW+'",
        "1@[3,",
        "I.7\\ $*",
        "%^#we",
        "G*BPQM",
        "KA-Jq",
        "iYc ]",
        "%X5A<",
        "tcL;\\",
        "bU3IV8nkA",
        "vC=m;~",
        "]$&P=",
        "Czs\\L",
        "+PXFEot",
        "1\":gM",
        "w*h-FB",
        "\"OKp2",
        "MHNdQ",
        "8-vup+z",
        "Bm(&W",
        "!|]x$vT",
        "mSUeE",
        "]v9F{",
        ",q0!x",
        "9F$r'",
        "L#~~u",
        "7.\\%3",
        "!ySjb",
        "|H>Xp",
        "4`O5C",
        "8PKlj",
        "J*Z9J",
        ">LqN/6",
        "bDVyFT",
        "__restrict",
        ".8&:!",
        "34Nhs{",
        "@2Q[K",
        "y+`2r^",
        "piRichq",
        "m5km@T",
        "fV}f~c",
        "p^%yLq",
        "nCg.D",
        "@$zku",
        "?%Yw-",
        "j:Yf;",
        "S*z9(",
        "8F9p9",
        "%9{Nh?",
        "((&T1",
        "M4CN&(",
        "bukVRO",
        "J/tU)",
        "W7y09",
        "cy-GB",
        "se-no",
        "%Xl|B",
        "Jm69(",
        "=4y`py|",
        "qe'%{hc",
        "v]}fy",
        ";^MKZ_",
        "OF6*33b",
        "kfQ6r",
        "g1G~o",
        "OR4WS",
        "JynJ5L",
        "tt-ru",
        "RTr4~",
        "Voq0~/_",
        "pl-PL",
        "Failed to allocate space for extracted package name.",
        "Y/4tI",
        "K$ER#3T",
        ">@n+_",
        "n^4:(",
        "[%s] ",
        "hNZTX",
        ";m#1q",
        "RENXe",
        "hc<(Y",
        "XwE={-",
        "WOOgP",
        "S!@-Y",
        "@h:B#",
        "Jpu9!",
        "+=QPH",
        "ArRp4",
        "NR41t>K<",
        "padgP\\",
        "QB`ML",
        "4p?n7<zh",
        "?}M]5",
        "N?wC;",
        "<ew3g",
        ".WI7b",
        "r}e:WfS",
        "@ik*O",
        "N=j<*",
        "YO}>Z",
        "},Cgr",
        "vH{2Q",
        "1~jgbh",
        "'pV5l",
        "YH}kQ",
        "f2r(>",
        "L:-M>",
        "X5xYC",
        "Dxu)/",
        "TD<\"1s",
        "+{g}@",
        "Qd R9B",
        "AmqD{",
        "p=eJ\\",
        "gu-IN",
        "#*2b%",
        "*J0J-",
        "|, D=[",
        "CI)Lv",
        "$Gi-2/*S.J",
        "j Y+M",
        "67H&1",
        ">xwB)",
        "B6Z*k",
        "6%b@f4",
        "lL@U5",
        "R\"_KE",
        "FttD+;",
        "B{?H8",
        "?9CP&",
        "*~G\"#x",
        "G\\B=U",
        "U{X[T",
        "O97~\\",
        "G,J,H",
        "-KF3@B",
        ".f$O{",
        "/+-pJ",
        "5LT4q",
        "qPQQ</",
        "LzcA%Z",
        "\"I-Vts",
        "a_kiA",
        "YUb|<",
        "x<C2twB",
        "}i?Vp",
        "~#;~pt",
        "2'2M2i2v2",
        "_\\Y7f",
        "7T{E|;$ V",
        "9 {2P",
        "G;>n&",
        "x zPYR",
        "Q}4<`",
        " 4:OY",
        ";';3;?;S;i;|;",
        "C4s0E",
        "_[*DQ",
        "api-ms-win-core-winrt-l1-1-0",
        "}1@!X#]{H",
        "V8qj2}@",
        "XT&[y",
        "9Cdl~DJ",
        "Whdy@",
        "N*SUY",
        "{vAUCo",
        "Yh@GK",
        "QTW3!d}",
        "Tqiyd&",
        "au]F8#",
        ")=Fze",
        "riDm:s",
        "+odd1?6A",
        "$AwEMf{n",
        "i{:cRY",
        "pPCWh",
        "^'\\{,",
        ".{-k&.",
        "h0</A",
        ":0:@:D:T:X:\\:d:|:",
        ",L2S7",
        "E3.az",
        "s(KeE",
        "5>H/c",
        "=df'>(b@",
        "',9}yz",
        "XMj\\j",
        "qT;NX5a>",
        "0SxZ7}",
        "55ieYV",
        "w!}ha",
        "#'}rD",
        "t~nh0",
        "!@xa1",
        "_=<{:",
        "[a)7W",
        "P}M*V",
        "c0/@p",
        "$k8]::xK=",
        "w@Le ",
        "c `+0",
        "=Io(3@h.",
        "s7EV1",
        "USCLC*`",
        "<[<`<d<h<l<",
        "\"Ypy;",
        "nNohH",
        "3YzCT",
        "k#!A6|",
        "cQVZ[K~aGA'd",
        "(M[MG",
        "RcT0n",
        "User may have declined UAC prompt",
        "iK`&*",
        "8RMa>",
        "9e%ls",
        "A5XN[",
        "T58FC",
        "Kt'>C[l",
        "n^I|t",
        "*.;H7r",
        "Failed to set _SFX_CAB_EXE_PACKAGE",
        "+M\"wL",
        "|;er^",
        "fD\"49",
        "sK==+/S",
        "-T>OCp",
        "Q5oQQ",
        "DJx@{",
        "*+~1q",
        "p8l&L",
        "A0;F0u",
        "L$*o}p ",
        "CQ\"/Ed-",
        "EDn!|Ul",
        "QQ</l{si",
        ";B_{F",
        "Nh%c3",
        "PhJvy",
        "(5t?)",
        "`I> M",
        "Z!_eQC!",
        "=L9%D",
        "ckR E'",
        "Y_dmw",
        "^T$/W<",
        "<7R%m>C",
        "h7FR4",
        "68Kv5",
        "hsK\"r",
        "gZrb?!\"",
        " kEJx",
        "?p ~j",
        "xj5{q",
        "&(KS/",
        "J&z:p!",
        "KR;=~",
        "im8Va",
        "l7^WO",
        "@JJ3<%m",
        "z?$?%",
        "fZ2aS",
        "2~gQO",
        "`deev",
        "YH:n3",
        "S*c2:",
        "YQUG-",
        "1ZqX)",
        "2K*d/",
        "M}.4u",
        "5ex-r+%",
        "F;-X+",
        "*Ef^l",
        "k_}ew",
        "+7f7O?9",
        "jQWWY",
        ",O!LdeN1",
        "W$;W,r",
        "Hj(Jm9__m",
        "%Z`jFn~vL",
        "7{P'W12",
        "]rK&dun",
        "3;I%$T{.",
        "x4{n'",
        "((`y5",
        ")=M:z",
        "<= $i",
        "f8Mtj",
        "kn-in",
        "['3m2n",
        "2>4B4F4J4N4R4V4Z4",
        "[<gFN",
        "^X CTf",
        "xTnO |",
        "r= gTca",
        "OYyw:M",
        "1`}F2a",
        "6J0QI",
        "uO;QC",
        "7'=$y",
        "04MY$",
        "PK&?\"}",
        "]Jo/B",
        "_Yc|da",
        "!VMbay?k",
        "&r^FfOM",
        "\\f:3O1",
        "FG0p4>",
        "hc2=$9",
        "JF%X7S",
        "%f/P}",
        "2TCEw",
        "%QS-jZF;X|",
        ";k5fS",
        "Gx{1&",
        "h5.u!",
        "ju^m-7",
        "release",
        "QKbtz\"",
        "Ae7V?B",
        "AE}_U",
        "NJM*Q",
        "?O%I%~",
        "%w6 <",
        ">#U2/",
        "operator co_await",
        "PN'w/g",
        "xMdv|",
        "`NcX|gA",
        "EA@lA",
        "&{^DE",
        "C%<P!",
        "rKR_[(",
        "'U_@q",
        "Z!xGl",
        "-'V07M",
        "&_(!Y",
        "LEKWI",
        "hx4{P",
        "nn-NO",
        "lXT3[",
        "{#A0)",
        "j(P~+",
        "WI&+SO",
        "16(Y!",
        "L],\\c",
        "v1 ]ZG",
        "42t|g",
        "\\;8N?rD",
        "api-ms-win-rtcore-ntuser-window-l1-1-0",
        "]`6dH",
        "@z+%A",
        "w:no#",
        "iu+-,",
        "kN7/(",
        "{``=n",
        "r!PCN; ",
        "ko-KR",
        "gQN=>Nv",
        "!|)p&mR",
        "vQ]4'F",
        "2S0~-",
        "ma%{j",
        "v(zFE",
        "'zEz{",
        "?W2OT}",
        "uC9_ u(9_",
        "&;x:g",
        "xsbH8",
        "^8J`p",
        "@erm!",
        "Wdod\\",
        "{zp,J",
        "fr-lu",
        "^,Y~\\.",
        "V0aOp",
        "t5=[vw",
        "s{c3X=",
        "aYOm~",
        "xzx\"1",
        "jcRIH",
        "jOgtl",
        "r:[KZ",
        "pk\"B5_\"J^",
        "%RyTq",
        "^A@ak",
        "ma96d",
        "S2Q@j",
        "2yweC",
        "n{#y7",
        "*c/,^j",
        "LVl)&",
        "N:K1 ",
        "ABA^Kq",
        "s3?Ru",
        "9,niX",
        "bA2nV",
        "|m]o:",
        "Eo`\\w<m6",
        "Tu1LF",
        "xlK7Z",
        "Translation",
        "SpM)h",
        "5@`+po",
        "IsValidCodePage",
        "=RTJ~",
        "}JC$|0*",
        "9WfT9",
        "SRT|Jh-f?^V j",
        "m3cwO",
        "co5;]",
        "QZtYf",
        "*k5IS",
        "CJXU]J",
        "-X\\=*",
        "T*a w'JV",
        "p:GCl2^",
        "-!).\\",
        "[^InM",
        "BC9ZZ,",
        "i9}\\o+",
        "]9{\\Se|",
        ":#39ey",
        "{}|zE",
        "Preparing:  Are you sure you want to cancel?",
        "#6ZX6",
        "s~/j6",
        "qE5R;5Xgq",
        "D4fPW",
        "4%bq]",
        "tf?V;2&",
        "2AQf0=",
        "5BPqb",
        "Vivg!",
        "G[jLu",
        "s~eEm",
        "'1Y )",
        "Q@9>!",
        "-:e3@",
        "D}1Jo",
        "UC; \\",
        "3O0V(",
        "_B2~>*",
        ".idata$5",
        "465=5D5K5X5",
        "2_BU;0",
        "g?g<S",
        "!=mH9",
        "hOZqg",
        "}!jpG@",
        "'T|}n",
        "$U,0b",
        " I4KC",
        "ztJ,wF",
        "44k]v",
        "[?5%KJ",
        ")y7bD`",
        "__ptr64",
        "Rfx%3\"",
        "-}>\"Kx",
        "75vuq;",
        "[*3X%",
        "<\"IpW;VlKbz",
        "q|lID",
        ".?AVexception@std@@",
        "uk-UA",
        "KfD:{$",
        "xwwh ",
        "DuQa(k",
        ":KDe ",
        "@vK$R",
        "v{8$x",
        "B)tSu+1",
        "O#q+{",
        "7/)<@",
        "ThLCC",
        "$Q5,M",
        "BeWG/r",
        "7b]Rb",
        "$1~8H",
        ",i&@i",
        ",r\\*y",
        "AIY1X",
        "\\}jn=",
        "TWhNv",
        "L)mpp",
        "gl-es",
        "z$~t4",
        "HuSeL",
        "\"23;@",
        "242`2?3L3w3",
        "^dsPq=",
        "}7JQe",
        "G&?q?",
        "PPYvV",
        ":7d*/",
        "o~hq8b",
        "PX\"{5AW]",
        "WzJ(Q[",
        "bE.7<",
        "w(m}Q,",
        "N9?Dd",
        "LT5Wm",
        "n74+i",
        "']q4q@",
        "_mcV:",
        "Failed to get temp path.",
        "I7=TdT",
        "BcpZm",
        "'hiqAc",
        "tY2w1,",
        "EMe&g",
        "3lL)d",
        "Lqn7u",
        "j~8_w",
        "pLc)-ND",
        "w/+OA",
        "a7A{d",
        "Vp cE",
        "B7^kn",
        "F(PZu'",
        "V2X5O",
        ";8o#x",
        "K1#J\\**",
        "iPx<%M=%4",
        "xh$x{S",
        "XsnI|",
        "?Ei7(5^",
        "tw3FK",
        "ar-QA",
        "A.Zh(",
        "l*G?5",
        "F&jx<K",
        " 2=-h",
        "KBHtq",
        "2gW|([",
        "qi2bT)g&O",
        "5`E;A<",
        ",#vPz",
        "Failed to extract all files out of box container #%d.",
        "Dy=F54",
        "de-at",
        "m:X/0",
        "N@:dO",
        ";YYAl",
        " +um\\",
        "VndR*~",
        "u#fap",
        "ZV:\\ ",
        "F1/yv0",
        ">K8.g",
        "=D$&:",
        "Z{Ywn",
        "pce52\\",
        "SUn9Zz",
        "\"M=>=",
        "fXy0}n|t",
        "1#raN",
        "YF}sr^",
        "5jYJF",
        "5 5D5L5T5\\5d5l5t5|5",
        "#[:?j",
        "8?MlP",
        "}c]X#",
        "}U%Mq",
        "F|Ww\"",
        "pw=}#h",
        "\\1NN\"",
        "6R*KQ",
        "Y2V7~",
        "FH?5d",
        "3:{^qY",
        ")%.Aj",
        ":^g]Q4",
        "vvw3=v",
        " fQ#mD",
        "K=\\kd",
        "Ci4t@I",
        "i!z',",
        ")w1K&",
        "Hq{j;",
        "kSSSh",
        "p8JDH",
        "jzXf;",
        "Wx$>h-",
        "Browse...",
        "%`^YP",
        "Vy-9em",
        "Rl\"|[",
        "6hz}1",
        "1vuU,",
        "jUOdA:",
        "UrHvA",
        "3Cx-P_",
        "j6ty8",
        "5i8&%",
        "i_:qYt",
        "/i)(Z",
        "B~Yvp",
        "MLOmi",
        "?.wqM",
        "< I|{",
        "%K2\\Rb",
        "n7 gC",
        "`7M{?",
        "^`;\"4",
        "yPG{M",
        "P}og(Z",
        "i/c^Q",
        ")[$DR",
        "4@4Y4k4{4",
        "|Rj7Z",
        "V RI0",
        "gSI&FF",
        "8dk[L",
        "y%@LR",
        "<S4jI",
        "D.CW:%Q",
        "FY\"x0L",
        "}aB\\8",
        "o0M,q",
        ":d,W$lh",
        "qEx(V",
        "b,0brq[",
        "C!nEfm",
        ";z$|tL",
        ">D&er",
        "D7`Cc",
        "]7r.G[",
        "jF&X]\\",
        "Gi7dq`.#",
        "j_<pr",
        "4Fx0T",
        "]RR`v",
        "V_sY3",
        ".Q.:<",
        "V_(A=",
        "U*x$7",
        "qhKrR",
        "=D=o=",
        "D:w>K",
        "BdzRS",
        "QYETY",
        ",jV}:W",
        "E0}+yy",
        "P%:L1r",
        "GetWindowLongW",
        "?3;:`Dz,\"|",
        "DG;hU",
        "`/jTP4",
        "6\\dHmpB",
        "ja-jp",
        ": :L:Z:f:v:",
        ">QnkCbq",
        "u5;j7",
        "OU'Lu<\\",
        "oW\\|v3",
        "ro-RO",
        "#_gy&PC2",
        "C])H4",
        "Yqzf(YK",
        "2lhJg",
        "R{uWY-",
        "Q0Jn2xK",
        "n\\exC",
        "kF3-)",
        "\"pkY13",
        "|8};n",
        "V[-(py",
        "UY?hz4",
        "*M`Vr",
        ")]vUt",
        "#Y>>#",
        "ad`Kw",
        "O 9N=a",
        "Please install the latest .NET Framework from https://go.microsoft.com/fwlink/?linkid=840938, or Windows Update.",
        ":J/=%",
        "T:kng<",
        "<mDkb",
        "iRYE4",
        "'.\\nn",
        "1^,6L",
        "<U<l)t",
        "@s^YD5hk",
        "bootstrapper.7z",
        "Rp%:w'I ",
        "E1;TQ{",
        "j\\Xf;",
        "TmH>ai",
        "iWt7I",
        "rUIUH",
        "api-ms-win-core-processthreads-l1-1-2",
        "dwIx0",
        "Oya%w",
        "70W%?b",
        ".O>i=!",
        "OOXZk",
        " hJ?Vs",
        "`Yk}]",
        "9+HVPk",
        ":ztP7~dW",
        ";Z(vM'",
        "II18K",
        "+~`E`",
        "^D(CbU>",
        "I/w=7*",
        "y1g!t",
        "@_5cM ",
        "VJ:~Q",
        "h2bt@",
        ";uX86Il",
        "j/Yf;",
        "o])0ok*",
        "{(bvS",
        "pJb[m",
        "I4!6S",
        "JjlZf;",
        "EX\"Pcl",
        "DG?VMXH",
        "again after you have freed some space on your drive.",
        "i'o($",
        "^Yr*V",
        ";C#-B",
        "xm[H,`",
        "M+Ve^",
        ";`4s1",
        "-6D3rv",
        "~ $s%r",
        "yL?o$",
        "KsDQw",
        "-zVBaC",
        "/;Lug",
        "kf$8<",
        "$[YU?",
        "cd'Z0",
        "JYb<Gy",
        "s_9d3;:",
        "nl-BE",
        "C,)%a",
        "'&LI:",
        "jp[?j.=",
        "XB?7%;}",
        "cSt@0?x",
        ")Microsoft Root Certificate Authority 20100",
        "(5MY8",
        "zA4F}",
        "(:&*A",
        "eqIGx#",
        "pJ}ZU",
        "mM.<x",
        "1[Ssg",
        "D:\\a\\_work\\1\\s\\bin\\BoxStub\\Release\\Win32\\boxstub.pdb",
        "[DQ~3",
        "`^\\wBiU",
        "Mw*w`bo",
        "@l@PU",
        "q$Zj$\"]sn",
        "bAt)G",
        "5ntT-n",
        ">([Nz",
        "2#U^Z",
        "}G<t> ",
        ")ci{1",
        " XM#zvt{",
        "NAN(IND)",
        "5 5(50585@5H5P5X5`5h5p5x5",
        "c  +E",
        "gH42$",
        "j[*)a",
        "AJne3",
        "0`W`)",
        " .L4Y",
        "Qn^pD",
        "o-g~x",
        "saq#*",
        "Ec|qK4Aw",
        "`e|Oc",
        "'rtV7h",
        "9#.R+",
        "NuI.=",
        "uaCpR",
        "<$^U-",
        "L:Uvhc7",
        "1/;]Y",
        "66H$5Ox",
        "$jF,c,",
        "$\\?~3",
        "SNTI:5",
        "b_BGn",
        "H1b*cT;",
        "tbMPDa",
        "QrVXY",
        "T>!2A",
        "P8Hjm",
        "S&12'#",
        "\\UI;k",
        ">!>1>K>Z>j>",
        "`;yF2b(",
        "ZYm@y8",
        "lB_;[",
        "6hMT}",
        "]#fkZ",
        "\\;e\"t",
        ";kM?Kx]",
        "}L3'N",
        "\"k/\\i",
        "r9gAK",
        ":rvd.",
        "l=2yLs",
        "hr-HR",
        "%_SFX_CAB_EXE_PARAMETERS%",
        "W;@fe",
        "#\\q&em-",
        "ms-BN",
        "s+29$",
        "#9.P5",
        "o}`Xm",
        " 0~ S",
        "i~Ji,#w<",
        "n<Yu|",
        "]GqY}gA",
        "u!.>.",
        "msI42",
        "Z0;2d",
        "?l[4XC2cOW",
        "Q:/E@",
        "ffE1^",
        "a}iGY|",
        "|_fy_",
        ">dSo{",
        "=2O-1",
        "!\\GcQ",
        "7~1E$",
        "\\swEMi",
        "jf;1s-/",
        "Cannot specify /extractExecuteLocal in extraction only mode.",
        "{RG!7",
        "-M=]q",
        "f?aHA",
        "'U@MD&NB",
        "kdGN@",
        "9RL, 7",
        "\\T)v ",
        "~59z8",
        ";U:d%`Y^",
        "+vuLO#",
        "#?c2\\",
        ">FN,@",
        "t?xh.:",
        "InitializeSListHead",
        ",cK^#~T",
        "SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
        ":#jv$",
        "I{o;vz",
        "oa/Ml",
        "^$'JE",
        "WideCharToMultiByte",
        "^$!ch_",
        ",>F^T",
        "(2|Az",
        "Ako9A",
        "|#[m4d~",
        "j2c_}WC",
        "Of**Am/",
        "D[z[R",
        "B|=:H",
        "fr-CA",
        "4v\"twAq",
        "gw/6[",
        "&zz@k&",
        ":(nSp",
        "tJzd/p",
        "AvNHE",
        "Y06]O",
        "T}gRx",
        "sk&3O",
        "M\\Xp.",
        "#]634",
        "IX~zW",
        "msctls_progress32",
        "T\\iY1",
        "x?{2W0",
        "3j1K)R1",
        "da:8:",
        "wUmRY",
        "i~`_R",
        "$s1f\"3",
        "BcP1b",
        "\"]IHI",
        "Bst|h(",
        "{mOdi",
        ">A,Fk",
        "kok-in",
        "`,BM}",
        "Xa)T^[?",
        "n_sk^",
        "sEy9ag?",
        "en-GB",
        "Q-[9yW",
        ".%a9L%",
        "PYS<K",
        "|VPP#^7M@",
        "RemoveOldDirectoryOnExtraction flag must be set if /extractExecuteLocal is set.",
        "q:4IJHDj",
        "#w,]N",
        "7*868",
        "g:@K*",
        "]\"&*O}",
        "}YU7I[\"",
        "7'+ZB",
        "Tt)jhZf;",
        "F]x[e,",
        "~Q\\P!~",
        "S}KkWs/",
        "udMmb6",
        "`_z|t]-",
        "BV4`D",
        "H_SFX_CAB_EXE_PACKAGE",
        "@+OE.u",
        "~o}|?a",
        "(1[*U",
        "qaP-O",
        "c}m)#",
        "f(^JA",
        "g2E2M",
        "^b7MJ~",
        "0=Fy ",
        "_GV}|",
        "z7}JYy",
        "&nW54u",
        "}.~k/+",
        "NW/1a#V",
        "V]{\\4",
        "`rrI4",
        "(<Ci'{",
        "&W%~H",
        "484X4d4",
        ";`]RK",
        ",Xsyk",
        "E}}*{",
        "=UAe+",
        "+LIU@6",
        "k${p^",
        "$4+]F",
        "vo4Fp",
        "be-BY",
        "0.3Q7f",
        "p1BxK",
        "9<aO:",
        "m+69P;G",
        "6|u59",
        "}z7C^",
        "wQ-md",
        "*y'e9",
        ">1V[\\p",
        "4NTP.",
        "Kx\"Z?O",
        "W?ip)|}*",
        "xfF1q9",
        "BR5hZ",
        ".\\t&%",
        ";sz!LA",
        "rU`RFq%",
        "SRyr>",
        "-yq\"W",
        "Kp&.0",
        "Cg+p=",
        "2G1^K",
        " 8Qp{",
        "c/3\"Y",
        "a|6UW",
        "D$nYD",
        "j(C {}",
        "~\"*[t",
        "wUDTo",
        "!'Q>a",
        "&?IiA",
        "!JyP*i",
        "FJRw ",
        "PIz).",
        "!&SPXy",
        "l`4e}=u",
        "-_oDq",
        "@IRU r",
        "Unable ro register file for clean-up",
        "_y\"e'",
        "O{ NF",
        "rKL r",
        "y]>Uc",
        "3j:CB",
        "y3&Bj",
        "g.\\6c",
        "$-hrTV",
        "h,Qpv",
        "xv\\e'.",
        "+-5+e",
        ")~v97\"",
        "B`&o_",
        "aH@CL",
        "5@Z}$",
        "W8bRSp",
        ";xiIV",
        "c9`@k",
        "U,5wt",
        "T%-e8@:",
        "eu9s1S",
        "[3 \";IS",
        "${K|7\")N",
        "@u,`cb",
        "S>MR4",
        "-1*z ",
        " %z,k",
        "T{<vA",
        "b[4Ps",
        "frexp",
        "?+GUw?",
        "E^%Jd",
        "\\M\\kU7%",
        ".sdkd6",
        "1lmr:",
        "@)t<,",
        "\\>S88",
        "I+!_9",
        "T7N8?",
        "BVj(j",
        "HrH-f",
        "d+<yb",
        "/vH;0",
        "g9S~^o+",
        "o9lEP",
        "X[KTOd|H",
        "FU7uU",
        "yGCdL",
        "N)?2|+<",
        "te-in",
        "icl7l",
        "=z8v\\",
        "YD\"w{",
        "CXyT/",
        "8,888X8d8",
        "U,d,q",
        "HbBey(!",
        "?2Q$8",
        "\\zY![",
        "i'&xi|",
        "}:3$D",
        "Q)^-:",
        "H;H;I",
        "\"#{Gu",
        "$DosZ",
        "b`%jV",
        "~JUES%",
        "December",
        "yf#T3",
        "%(}kO",
        "Failed to create the UI thread",
        "Failed to select the directory to extract to",
        "Q#GH/6",
        "noJN-",
        "]vYsvq",
        "v42h>",
        "F:ONZ",
        "gl-ES",
        "{GQR]",
        "OVD5H",
        "1zT74",
        "sv-SE",
        "HLeV=",
        "87pBsOV2",
        "JOsWk",
        "na6<s",
        "NS]*V",
        "1_ +D*",
        "HDe/\"",
        "tW8B. ",
        "jpgXs",
        "-hT4D9o",
        "Y<_'C",
        " UshW",
        "),V!$",
        "uRXKg",
        "0^tuDt",
        "h|O~l",
        "y9L)6",
        "MRIN<~",
        "Z#@7%Z",
        "'ZIT'lM(",
        "J7^o+",
        "5-07Q:",
        "/H.0-",
        "C-}qp",
        ")!x!5",
        "RnNid+",
        "w'oBD~",
        "\"J`3wm.",
        "|PLX7",
        "'Lzmq",
        "#~]UZ-",
        "eW\"aa",
        "NRoKk",
        "~+&E`",
        "1(TS%",
        "oyT:,",
        "(VS[$hH",
        "R,yuA",
        "2`%}%",
        "[zf2|^",
        "79E9=*",
        "9#[y2av3|",
        "EkYzNn",
        "jW69\\",
        "= 'q&`~",
        "1Q1w1",
        "E\"FD)",
        "ttQ>@",
        "fr-ch",
        "q-$}T",
        "1)coK",
        "989X9x9",
        "U;Kg.NK",
        "+:}fr",
        "vL3r~",
        "c,0|3",
        "O/'2C",
        "4g_N!",
        "<d~Bs:",
        "=Ss?o",
        "eV{bc\\w",
        "om\\ g",
        "U*]8.",
        "z.2?K zWaj?",
        "G-+m}",
        "<a!o(\"x5",
        "@\\4Ya",
        "en-ZA",
        ";A1h5LX",
        "8\\yNQ[",
        "g\"9-W2SNy",
        "/3YKU",
        "m$bQn)",
        "^;(g-k)Be",
        "i-#(r.T",
        "uKHHG",
        "EPDp5|",
        "Do2Ugz",
        "_|qtd",
        "CryptAcquireContextW",
        "f9:t!V",
        "?SJ(d",
        "Q&_34",
        "^Sn*Z",
        " Jzi!",
        "6\"6@6N6k6",
        "bad array new length",
        "Rf&=f",
        "aFwf@",
        "SVWj<",
        "(s+w@",
        "ezw]qG",
        "x!`W,",
        "`B,5PY42",
        "A75YK4'H",
        "*IX.2",
        "3u9;/",
        "@uc%^",
        "X6(Of",
        "tZp<DZ Z",
        "H h@ck",
        "mFB3j",
        "-\"-*`c",
        "Uh#1`",
        "3c=ew",
        "(>PPRPs",
        "&_{p4",
        "h)8}!",
        ",deVO",
        "2|,[}",
        "qyCp7",
        "ShellExecuteExW",
        "iT-+%",
        "?z58k",
        "bB=w'",
        "O3A];",
        "j:x1h",
        "4_#U{",
        "UuSN{Y",
        "jA`ag\\",
        "5t~;g",
        "qzd/V",
        "BAYqy",
        "636Z6o6",
        ")M{#v",
        "\\\"\"{h_",
        "[.>!@",
        "qVEzO",
        "_-;8K",
        "zvj-c",
        "uPG)J",
        "ADA/8",
        "xtUcc",
        "Nl}&G",
        "lFIZ(",
        ")dPr>",
        "Zz0~]",
        "`M,3;e",
        "D-m%8T",
        "Failed to read box header.",
        "Ye_$&pb",
        "CreateEventA",
        "[S)gF",
        "?e}%B",
        "ai$;m",
        "P-Zwq",
        "c21rNX",
        "5euKYHf",
        "m*jiA",
        "+)GE5-",
        "E$Mg8",
        "e$*de",
        "M,j\"^QRRRRR",
        " :]$7je",
        ";xPj<",
        "#JVE$(",
        "=N>X>",
        "7bcT3",
        ".text$x",
        "E^fnv",
        "|ZBd!",
        "0i\\\".",
        "aDK8,",
        "4FQo\\k JF1f",
        "X1f9Udr",
        "]q^04g[",
        "M-,4$",
        "_](vw",
        "eu-ES",
        "e{](Oq",
        "l@lFz*",
        "*/]:$",
        "xu&'M",
        ";>[;z",
        ";_(tE",
        "C/p\\u",
        "BuzBBE",
        "dmb:16Q",
        "9QfrO",
        "i@D6F",
        "fg:SM",
        "U\"S-Wk",
        "4mD=Z",
        "u`@`1",
        "luOdP\\",
        "WD8\\/",
        "P9!0AE",
        "Oq9IQ",
        "$W/lKl",
        "/Mer\\",
        "z$[\"K%`C!",
        "CgBrr",
        "#/kCq",
        "|8U!Y",
        "Nn`\\B",
        "cn2MKL",
        "]q.yHCVj",
        "Mgh_}",
        "CONOUT$",
        "Mv_Xf",
        "Wg\"8Iu",
        "liX$Y",
        "]*:\\[ ",
        "rAxQ?U",
        "ZlCg1",
        "/L^V@+!",
        "3c1osx",
        "gP!<A-PR%",
        "N^4qVm",
        "^>XD ",
        "{9%7l!",
        "5Jp~/",
        "SetUnhandledExceptionFilter",
        "HgaSGc",
        "eIN1#",
        "S`3'V9+T",
        "BA>A{",
        "%]2Pu",
        "29[n;",
        ",)M1V",
        "LCMapStringEx",
        "K$}LA",
        ");p:-",
        "d:~z(",
        "sF-{E",
        "\\_<;9",
        "N\\mcj^",
        "p]N\\4M",
        "eul%k,",
        "_=`1R",
        "6@S4! J",
        "=hmj9",
        "><u9B",
        "UW_|y",
        "f4Oxq",
        ")nTzW",
        "ux6G{",
        "=v6v\\",
        "T:|1;",
        "Failed to create a random name",
        "b,<58",
        "P>|Qa",
        "=z?.F",
        "`@2qBj",
        "{F%_r",
        "FkSO{6",
        "rW7XN",
        "Z?.W{",
        "<Ioz ",
        "ys[i{V[|[q",
        "X?gVl",
        "Z$bo?",
        "+S4CH",
        "T+yE~",
        "95o~q",
        "6t)u]t$",
        "bpnn#!",
        "\\3*'P",
        "G4QYd5z[L",
        "a:9Lj",
        "zV&6|",
        "N.iGn&",
        "s3PlI",
        "c)@O=x ",
        "Ax{@/",
        "q9?Cltj",
        "7_y^S",
        "s'[>/~",
        "WDL;nZ",
        ".Tr0D",
        "c}FI/&",
        "4$5F5X5l5{5",
        "!pU{t",
        "TzV-}",
        "osofy6 8",
        "ProductVersion",
        "DKN17",
        "u+t>.V",
        "`L;O~",
        "Failed to allocate memory for the directory value",
        "-V~$g",
        "Failed to get path to executable.",
        "Mn(DiZ5",
        "Fp}c3",
        "629^C",
        "s9MTD",
        "I]h;+",
        "S.ZK4",
        "vzs9o\"quNG",
        "_4,C]",
        "qDL'4",
        "w;*-E",
        "/OiQk",
        "uz-UZ-Latn",
        "PT3iSL",
        "`local static guard'",
        "/qS\">r ",
        "9^@ h",
        "6cWzV",
        "e5-i&K",
        "=W{ R",
        "V'mE{'",
        "*zWFj",
        "B)UDeT",
        "l6l@i",
        ")Microsoft Root Certificate Authority 20110",
        "3cDb;",
        "x>Y%>",
        "TEE.g",
        "0y,C{",
        "QV}l/",
        "\"66 q",
        ",;[h!o",
        "6H!YV",
        "454c4",
        "=tS:m0",
        "=tL:'",
        "bh5\"-",
        "g2mv0",
        ";+xiI6n0c",
        "v]#Dq",
        "NY?^>",
        "UY9t,",
        "dX\"}4",
        "6fKVT[",
        "lxD\"g",
        "M?Oj-",
        "j\"qH/JEJ",
        "Ru5e4",
        ":kWQC:s",
        "2bW\\9",
        ",b,Oo",
        "0P#^TA@",
        "NkJ2N",
        ",jr2m",
        "&8,b9",
        "~ee}<",
        "5w\\BA",
        "(qvgA",
        "NgA;3",
        "zPNGc",
        "Grz/q",
        " f0ym",
        "xxc.#",
        "HO5T-",
        "7~L~'",
        "\\2kIQ",
        "mukGx",
        "Vn(r|)",
        "^`N[Q",
        "&}0\"8",
        "f$Vj_=r",
        "&4Cztt0",
        "$O0p'",
        "2Dy,Z&'",
        "oZ-!+",
        "--:cJ",
        "rFx+0",
        "[=u\\o",
        "+W j/c",
        ",PHn&",
        "0Lw2{",
        " chnM",
        "=B9 eGm",
        "T-rZF",
        ";- Xj",
        "_RWz)#",
        "$Jve\\",
        "eu-es",
        "S|z.$",
        "[O$ln",
        "2cB2L\\",
        "z-+;}",
        "k;NV|",
        "=\"*e.OWl",
        "yr~k}",
        "A~%`a0l",
        "uh9>%",
        "!/^<8%",
        ")b>^!",
        "1;n&c",
        "_r)C:",
        ",wsQ^#",
        "qR}a3NT.",
        ".xdata$x",
        "E5]FrY",
        "C^g^/T]",
        "<2=R=",
        "s$BK5i",
        "x_Hi7",
        "BL(3M",
        "s/:Qh",
        "GTF3S",
        "='A0E",
        "IW2\"h",
        "XE7kS",
        "gK4yTC",
        "UMW)j",
        "Hl7QF'-@",
        "9's2\\\"E",
        "@Yby;",
        "f)[T'L",
        "Oo!xM",
        "sms-FI",
        "P\\)Z@W",
        "~Pc93",
        "czP%N",
        "9DA{c",
        "_/_m}",
        "Y+v V",
        "h!|bN",
        "@#3lc",
        "1HKepP",
        "4$6z{?@vs",
        "<;<L<Y<`<",
        "IDJPO",
        "bY0*2",
        ",,TE%",
        ")WO`:",
        "}4 9@",
        "leD#7W",
        "IebEz",
        "'y4Ab",
        "__based(",
        "3/373",
        "-U^Ik{6",
        "bf8kc7",
        ",Abgq*",
        "KECf_",
        "L>szExC",
        "pbW=k",
        "Hq\\t}",
        "&^8V)\\",
        "5W3en",
        "RDgT<",
        "REEof",
        "3JA5]v",
        "|D]ti",
        "V_X'm",
        "xt.sb",
        "}mbF3",
        "JV[FP",
        "+;%yT(|",
        "960wI.",
        "saPt=",
        "|6T[5~",
        "]XIK|",
        "kU=c9",
        "UQPXY]Y[",
        "ngHw%i:",
        ">p^@X",
        "J`z-I",
        "DR+P ba",
        "xCqH}",
        "Y*u_0",
        "aV{U,",
        "`O'1/",
        "ZX\"i5",
        "kJ''e",
        "kOhna",
        "z\\e^*",
        "C|!YGt",
        "*?%o2",
        "+);% ",
        "2zs#+",
        " a]'5fE",
        "0|yF^",
        "x4t|,",
        "es-ar",
        "V\"(oqL",
        "1RziRe",
        "PlB9Xf",
        "62Y-`XW_",
        "hy-am",
        "J*:7v",
        "c%j^T,m",
        "q(X)c",
        " Microsoft Corporation. All rights reserved.",
        "TsB6M",
        "t%9,I",
        "'[g;OqW",
        "w:`l{",
        "xw6x@",
        "_Yw/U",
        "krMaUP",
        ",ey0 ",
        "WBbsqS=",
        "={j&Q",
        "^B{V+\\",
        "K-j=I",
        "lln |P",
        "|;vC+",
        "WR4dE",
        "6C|1b",
        "c.'{(",
        "W@j0P",
        "stGoJ",
        "vyxt~",
        "El9zQ",
        "TFt@r",
        "]>rl{",
        "C@@4U",
        "p7U3oK",
        "1RpW74",
        "oFFH(",
        "s`TY\"U",
        "H=d{>",
        "xVx0,@5",
        "[MpNc",
        ".data",
        "S*@l~>",
        "uUE~=v",
        "7Pr#f",
        "ZA3~z",
        "8;RH\"%",
        "Zx]8K",
        "UaP xu",
        "G\\U\\a",
        "(C8H8",
        "N(Mv!",
        "%Z&p*",
        "yT<Fnn",
        "bSndz",
        "N=~,=G!L",
        "jXXf;",
        ",vg$s",
        "N~Ub?fK8",
        "`$Lm<",
        ".Jf(%",
        "qH&+E",
        "Q&i|g",
        "w9M!J",
        "W`q@_",
        "'l/\"P",
        "Q-G,x",
        "`0CO#",
        ";Z:mZ",
        "TK4cy#",
        "}n) F",
        "$8o2JLM",
        "[:5{0B",
        "b9n*$G'",
        "JBcmr",
        "H73dg",
        "H$b4i5,",
        ",M+o`",
        "*V#7.",
        "q]Zy!?",
        "&%iMoo5",
        "{~5LiB$",
        "s@Wp;{",
        "|!PcM",
        "Z?c%bt",
        "@Inp9",
        "g\"}yj*",
        "2%#cLT",
        "El)kh",
        ";)y-`b",
        "|gnh g",
        "OP'?<%H",
        "klC(f0",
        "Executable: %S v%d.%d.%d.%d",
        "1 1(101<1\\1h1",
        "dN(6w",
        "+N,+F$;",
        "'\"U\"Lm",
        "^H/jp@",
        "NSZ::",
        "c)P7\\H!",
        "s*/|C",
        "(xH+Z",
        "zXwR.",
        "=%>M>h>",
        "vp]%V",
        "z`ay=",
        "Abho,",
        "i~9U0",
        "Z`pCa*",
        "^XV;q",
        "k)\"Er",
        ";p7.e",
        "`gi8.",
        "Gm&MS~",
        "FUf_ ",
        " Complete Object Locator'",
        "LNK7J<+",
        "hMz<Z(z",
        "Wf1GV",
        "oIs`-",
        "=g?t?",
        "E@m8~LK",
        "1%.10",
        "!`I|'y",
        "Ey.}3",
        "vej5P+",
        "KZdp0u",
        "3GX|q|",
        ")$Dfq",
        "LikZ7",
        "nhq0e",
        "<quhr",
        "!&{w@+",
        "445(gwQ~",
        "1*P YN7q",
        "Kr~77",
        "XZ}086",
        "O\"p94",
        "&Gv'1n7",
        "~q#-K",
        "<J:nt",
        "e'z@_~",
        ")v-WJv &",
        "(P`sB",
        "AD1xB]#",
        "8K~||",
        "bvU$7K",
        "Gp&3o",
        "&LPw#,",
        "\"s&\\I",
        "!eaCEVf",
        "fR#|&8",
        "N1tPiz",
        "P]*-O",
        "5X$,]<",
        "W709u1=s ",
        "LDqbXa",
        "bKc{h",
        "nAV6M",
        "`j9v?",
        "f>YTLW",
        "KnU&/",
        "0OI}Z",
        ".G7,MyT",
        "gj Er",
        ";&kLi",
        "4%oG:|",
        "Vm,o{",
        "uzdm+~",
        "Au=ea",
        "uj:-$",
        "KNvll",
        "1niVo",
        "#~T&b",
        "OmSP` ",
        "Lj\\iDJ",
        "k0dG-",
        "+lM]8;]",
        "-Wsp+",
        ";?uZ]!",
        "C^KGu",
        "/lHk|",
        "@.rsrc",
        "v9kqj",
        "B!{ X",
        ">5z-xh",
        "(t2Rk",
        "|VV7y",
        "7RAmRY",
        "7hU@z",
        "?@({|",
        "4=_d9",
        "KBkdgU&{L",
        "u$F,rNA",
        "-o2A]E",
        "}u7Se",
        "4r_?0Y^9-K",
        "LXwYr",
        ",4bQq,",
        "itYXf",
        "[hHl{?",
        "7&H}y",
        "e:AF\"",
        "1j5H%",
        "FFG;}",
        "$FgGdJ",
        "Q;*-T",
        "sZE@!",
        "TEBvD",
        "_`VH,I",
        "gW/@Ze]",
        "!2e}9p",
        "+g:K*K",
        "YjgjB",
        "n@G+}",
        "H<=rB",
        "L$$_^[3",
        "gN?(`i",
        "\"|W8.g4",
        "D%<GY",
        "\\<rCJ",
        "mQTri^",
        "4&[a@GZ,",
        "Hw)uK;",
        "{3x\"l",
        "Q}sB^",
        "[@hGD",
        "jACO[",
        "y|+]P",
        "sXbL'N^",
        "1YJ4k'",
        "3 4$4(4,4044484<4@4D4H4L4P4T4X4\\4`4d4h4l4p4t4x4|4",
        "[6cj0",
        "83n-c%T",
        "EndDialog",
        "1<1l1",
        "rK0VU",
        "kernel32.dll",
        "*Q$Ghx",
        "6y)>W0w\\/A",
        "bcti4",
        "KHxIK",
        "jI^cu",
        "REA)h",
        "<EAP%y",
        "u<h,x@",
        "7*XS+",
        "\"x Zj",
        "9imyf",
        "~+HY%e",
        "c;je_y",
        "sa-in",
        "_S<ib",
        "Jhp8N",
        "?$?,?4?<?D?L?T?\\?d?l?t?|?",
        "x/7Uw'",
        " 4QUi",
        "q90#[",
        "i.5H9",
        "&f0GZ",
        "\"uO$9i",
        "%sD@Tn",
        "#3KlU(",
        "z3*XI",
        "*332S",
        "8R^zF",
        "rAwo.",
        "[?2XY",
        "x0y!RE",
        ">&g{/",
        "L~nQA",
        "sma-SE",
        "xJ@]s",
        "EBb)p",
        "&L}v1",
        "GetModuleFileNameW",
        "+Gb/Q",
        "3'h.+8g&j",
        "SHBrowseForFolderW",
        "]F,6g",
        "Qwowg",
        ">6D#I",
        "PV ,=",
        "s }Pv",
        "X;QA^=",
        "aaqU<<",
        "OriginalFilename",
        "?KcXb",
        "H.'tb",
        "%cE|J!",
        "rOJwO",
        "ir0|{!P6",
        "n~C=b",
        "T x'>#",
        "q&8cR4",
        "|_HfC",
        "\\{G$=/",
        "kO#\"0",
        ")q}kp",
        "GetModuleHandleExW",
        "}YBn7",
        "wA:mn",
        "!7v(p",
        "6RRI&S",
        "%.z8G",
        "E%J.2",
        "}ZMNm",
        "9nNJq",
        "M`Q+NVB",
        "iXLrA",
        "WBQc)",
        "+=m 2",
        ".U+]R]",
        "\\dvE{",
        "3$3,343<3D3L3T3\\3d3l3t3|3",
        "D[L0)",
        "FC/TuL",
        "ru-RU",
        "[`U>uY",
        "\\LU,5=",
        "kC6|6f",
        "4%5.z",
        "v_A\\}",
        "Jc@HL",
        "h::95",
        "29fL'",
        "~295l`z",
        ".Vz%q",
        "bw]c%>Du",
        ".i6Vw",
        "qB[a'",
        "bk)a>",
        ".hB\\j",
        "T*eb)q",
        "MQl#F",
        "m*BNSm",
        "k&7lod",
        "L:nN`",
        "%0.#iS",
        "Gh5]b",
        "@api-ms-win-core-datetime-l1-1-1",
        "GI-si",
        "8gQ~LP",
        "W#A>W`",
        "Failed to extract",
        "Tyi>d",
        "O/CwE",
        "5zoh~",
        "!Nx}+",
        "kaKyD",
        "V=JGV",
        "0%w9=FP",
        "ag~3h",
        "@-f)!",
        ",[Rd?",
        "b\"O?M",
        "Wj\\_f;|A",
        "\"G(GvN",
        "McyT:#S",
        "O#<5^",
        "C9'Y|",
        "mt-mt",
        ".^,IY",
        "/}bEGD",
        "_Fw0m",
        "`m'X3",
        "Os?cc",
        "s=S2p}Ztp",
        ":k?r6",
        "o.p:8",
        "E4d*bK_",
        "!2GSgo)",
        "&l 4+Aj",
        "x<Q!`",
        "55W=sY",
        "dWB_4",
        "$MaW53",
        ".Rv3v",
        "JUnable to execute the embedded application to complete the installation.",
        "Q-B,bI.2o",
        "G(veX",
        "api-ms-win-core-string-l1-1-0",
        "e@>~8",
        "#.q8y",
        "$d=9y",
        "SSSSS",
        "Uaz76",
        "/!IO_",
        "ySBxmu",
        "YJ0+\\",
        "/hOMPV",
        "OqI#YkR",
        "Wk!Eum",
        "GetSystemDirectoryW",
        "^TXx_L",
        "<)YY5",
        "?>k){oz\"N}w",
        "dddd, MMMM dd, yyyy",
        "}Y0T\"",
        "b~p:`",
        "JlQbC#,`",
        "P9Xd>",
        "+\\pU%",
        "8e|8l",
        "fwAb3",
        "*o,BZY",
        "eWvzn,]",
        "y<c |X<E",
        "n?`>^",
        "K\\9KD",
        "{)- N",
        "/B)3u",
        "B<^eu",
        "\\zDEK",
        "Ba;:DN",
        "stdz+'",
        ")-Q2o",
        "&,[9U",
        "S%KI_",
        "c ru7",
        "|%?S9",
        "'bJxV",
        "RxD8*zW",
        "TCxV1=",
        "'?-`C",
        "f-\"{?",
        ")ZB}c,",
        "4p[Gu}",
        "GM'yP{",
        "pwti>",
        ".CRT$XTZ",
        "0 0(00080@0H0P0X0`0h0p0x0",
        "u5:~Q",
        "%}{>,[",
        "2l#a!7L",
        "hIKkC",
        "_L-hEOW",
        "S#W\"I",
        "Visual Studio Installer",
        "k:=J-c",
        ";6te^",
        " W(F?",
        "joV9H",
        "!?%?'0",
        "^'J|n",
        "\"D12-id",
        "?,qVN",
        "A(?_9",
        "K'$3D",
        "Ay.tB.",
        "wXBl$",
        "\\ A?s",
        "=i>x>",
        "CxmU[",
        "sO^xD",
        ",Ao]b",
        "5nf8b",
        ".yk8z",
        "\\'h7Q",
        "Z4{V5",
        "TQ*E5",
        "xIQlH",
        "qehNZ`",
        "Yb?qG",
        "1X3-X",
        "zHPK3",
        "m{yC?C",
        "pGF0s",
        "ztuP\"",
        "Jq0G~4",
        "1oR&75",
        "oI^u{",
        ".didat$2",
        "@7kz;",
        "U{j_Y",
        "0p#}*",
        "CC3{s",
        "5^`^-",
        "ZD+^8",
        "_TELT",
        "YJB[N#",
        "9~c2!",
        "eK%|k",
        "G_,Rb&",
        "8ZQfWU4",
        "oFS~;",
        "5`^.h",
        "2A?#^",
        "D\\'X+",
        ";|aHz",
        "}U'bL.",
        "c[+dca1",
        "c`I(!",
        "~mVsR",
        "JL`GJ",
        "ewe+>",
        ".?AUCSystemException@@",
        "m&`l4.",
        "'l$IK8C=",
        "^j~EE",
        "V6j[i",
        "<uN~}",
        "+$7Y+",
        "P*,IE4=D#eggm",
        "Op.)<",
        "'F>&#",
        "Unable to create or save new files in the folder into which",
        "?#.mm",
        "4FaD>",
        "3http://www.microsoft.com/pkiops/Docs/Repository.htm0",
        "=Joe)",
        "?i?ya",
        "]_MG}j",
        "[At83",
        "O/Fd%\"=",
        "^RQQK",
        "Failed to decrypt the extract directory",
        "DN*5=",
        "u8|,t",
        "tp\"!u",
        "HeapReAlloc",
        "R[i[6d",
        "u#d_9",
        "T93:z",
        "rEt#p",
        "QFb;4",
        "*LpCQ",
        "T!|%/g",
        "88q#\\",
        "$I<&?",
        "Qu#mC:",
        "g.ip,",
        "2{9'\"q#P",
        "(dD@{",
        "]^f^?",
        "bVyU4P",
        "0PO43Z",
        "dTiA\"",
        "@tbrpBk",
        "A>Yg$2",
        "T_lek",
        "bn-in",
        "U[\"Q\\",
        "mub5+M",
        "ZCa?a",
        "aB/l]b",
        "/F^BOH",
        "#nq\\bR;",
        "Z9RFm",
        "~LPtPV",
        ".idata",
        "kS-&$Z",
        "YlWZx",
        "%6|lIn",
        "wk#7q",
        "t2V1r",
        "6J<F#",
        "ar-lb",
        ")v2Xb",
        "]<uDB",
        "ext-ms-",
        ",6:In,",
        "WaitForSingleObjectEx",
        "DA'H?Cz}B",
        "u[=7Kh",
        "z6(h#*}",
        "LP<IY",
        "QWYg.",
        "GvPInO",
        "zh-mo",
        "02!is",
        "u>Hra,",
        "GetStringTypeW",
        "Pr~(.",
        "L+QHBsg^-xz",
        "U-FZ[",
        "zeO{x",
        "?{<~C",
        "%b=)z",
        "OW0t{",
        "+&f20QL",
        "tA@Gw",
        "P+h#k",
        "*x>%nF",
        "5<5D5L5T5",
        "T[Vb B",
        "6LbIn",
        "zSqM,",
        "-iQp#",
        "}8#qk",
        "O?EBH}",
        "{\\)^ ",
        "t/*W<",
        "o@7Rr",
        "_EfW:",
        "K]Ie?\"J9",
        "CxmEO",
        "U{5L#X",
        "QN^[OS",
        "65lZ]",
        "@.reloc",
        "]dl`@9{",
        "p+r$J",
        "g}CdB",
        ">^\\h ",
        "+.#nx",
        "GetFileVersionInfoSizeW",
        "bq{@^Cnd",
        "rd0`q",
        "sv-FI",
        "/p971",
        "9wU1K",
        "3@4M4a4",
        "o8xaI",
        "DZM>>",
        "S&%,`",
        "user32",
        "40{}$uZ^",
        "HCFJ%",
        "z[1La",
        "9K|1K",
        "%5~Ze",
        "P\"jPI",
        "v_ab3",
        "BY|b=W",
        "Z:A_o%",
        "Yp8jBA",
        ";N*H7",
        "F3dZa^",
        "Fq<]f",
        "f$ZARd",
        "v]=Qy",
        "[m9qE",
        "8-\\)3%",
        "0PMK~",
        "Dv7q3",
        "VVY <",
        "`6R9b",
        ")Vw0h|",
        "zAv{kI",
        "^e80/",
        "3*:t X0",
        "S)XKi",
        "iBKjc",
        "T|3<Q?",
        "S9+qd>Cy",
        "7^^8y",
        "IAtq5T",
        "Q{KVh",
        "E;gNb-'",
        "qplY5",
        "`eh vector vbase constructor iterator'",
        "L}&(9",
        "P #tD",
        "!!zyyJ",
        "`,>F'",
        "9Hl~R5T",
        ">E5OU",
        "}rGlI",
        "XMudn",
        "ZH<c8",
        ";gTSx",
        "C*[0>$K",
        "April",
        ";0;D;T;d;p;",
        "G4'.1",
        "8d}f_",
        "T{K>gU",
        "_lj5`",
        "pQ/W`B%",
        "C<<<j",
        "3QO3`",
        "N+gq|",
        "NKqEX]",
        "ukZ'X",
        "WYbD?8",
        "~%uB~",
        "MhVvq",
        "=nb{lrp",
        "<e&M{",
        "4%IP;",
        "3+c.J0}0",
        "tpYkiK",
        "!=RMo",
        "~cgL??",
        "zO0(0",
        "+^&_!",
        "F;yGbk",
        "uGj?Xf;G",
        "x.5O`",
        "4;6Gk",
        "~Q+hi",
        "E!xajCX",
        "^YZl`@",
        "n>E=S)",
        "ky-kg",
        "MpEWI}",
        "'H$r>]4",
        "qaxa:",
        "-(&HvE",
        "nKF.W",
        "Fl$G)",
        "$Az72a",
        "-f(qH",
        "bX#}.",
        "{,q*;",
        "D=u//",
        "Z+v^#",
        "#-GH%",
        "i164<",
        "a!sut",
        "<^3pu",
        "ifM:mo",
        "',k 7",
        "pwNt@",
        "uMC-1|",
        "JVKT'*",
        "\\Y\\ml",
        "G?I)z",
        "'\"Hhb`",
        "p^D'I",
        "Z.((>z",
        "!%$MW",
        "se;Ge",
        "|yK8`",
        "/;*i&w",
        "e}qwA.",
        "P*!MaY)",
        "# +Q0",
        "\";Hc-K<",
        "$GNZR",
        ")7^<F",
        "pETA&'s",
        "am92[Nf\\",
        "PE]'G",
        "owQVm",
        "H%)LN%",
        "D#+;AngS",
        "R=!%5",
        "&-`O- v",
        "~]%4 ",
        "g!2Y2",
        "kernel32",
        "FFA44",
        "y3Flb",
        "FIkHCP",
        "<?upc",
        "P6Z:`xC",
        "max!<j",
        "Ja4ua",
        "uEtFP",
        "}AvM7",
        "3pnQV",
        "^<V7w",
        "}xZ\";",
        "L\\RRS",
        "k#O:F",
        "kKr(o",
        "1Kk+mn",
        "k5<Bb",
        "]I#*g",
        "W~1Ps",
        "CtRQj",
        "#1Hkj",
        "ms`_\"",
        "T##3+X",
        "{@-LY",
        "Bb}roA",
        "aWn*lC",
        "uHzlZ",
        "~ijkw",
        "]d4)J",
        "GIpfy",
        "bRIu&",
        "*'FZ#",
        "lJj4i",
        "Microsoft Time-Stamp Service0",
        "]N$-`",
        "%E?bS",
        "C6#at+g",
        ".f/JYJYr",
        "y%{q|(",
        "=dmDd",
        "_#2\\@",
        "'DmOL2",
        "IZD1x",
        "*>mh5",
        "3[&xg",
        "'~7:so",
        "QM46-",
        "+-8`f",
        "6LQs?@6",
        "0!T`(",
        "fb7Uw",
        "m_l`u",
        ":1;P;",
        "jfF-`E",
        "ojw4n",
        "NB$3|",
        "JhY>\\",
        "&~v;j%",
        "Z(m?8",
        "rGn@eq2",
        "F3;u2",
        "[oBc?",
        "i&=K/",
        "obU5`r",
        "z3m9b",
        "3cFLKq",
        "hmNhE",
        "xOf?3",
        "w]RU4",
        "FreeLibrary",
        "lv-LV",
        "pJERQ",
        "}7koD",
        "k4IfG<o",
        ";W+,I",
        "]nI5@_)",
        "&(\\QJ",
        "Mg1]It",
        "=}P=I`Q",
        "-a+2U",
        "p@NKs",
        "De28OI",
        "Sr_=j9",
        "YBQ w",
        "a)-Sy",
        "x6u4d",
        "|;/'t",
        "Y~L@>k",
        ".didat$3",
        "[n>& ",
        "se-FI",
        "B:8J#",
        "_[p\\6",
        " NYgw",
        "hkn@>jf",
        "J4D9/?.6",
        "epHSZ",
        "wAr6`",
        ")wz@)",
        "LG7fU",
        "=BxTu",
        "P[J3E",
        "Vh$s@",
        "#*ql&",
        "oB^_J",
        "SetLastError",
        "j~]K:",
        " i6ku",
        "%s...",
        "5{\\}@",
        "]U^j(I",
        "i2uMoznp",
        "*NGVPb",
        ";pH:YG",
        "yjno@",
        "HukG5",
        "WP^Bd",
        "Microsoft Code Signing PCA 20240",
        "}eMSb9",
        "6l4?e0",
        ";=Zop8):P",
        "dp[z:T",
        "Zl/D?h",
        "<#<3<?<H<",
        "ntKK=",
        "MMy]q",
        "hD\\Zu|",
        "Zhl/8",
        "^nqJP",
        "xh-za",
        "QE>8VP",
        "p-!I88",
        "9{<~A",
        "r(v+%|`",
        "1U_Xnx6",
        "&mg n",
        "\\Lu;Yo*<Bd",
        "[ZKP\\",
        "$K't+",
        "nK7`3",
        "W,/_4^",
        "|sVq@R?",
        ".kB_g",
        "t3}}n",
        "HV#\\\\#",
        "Uj=Co",
        "i2a,'",
        ",BWAC@c",
        "kX-Dr$]-]*hH')&lv",
        "YY^[]",
        "@x&?5W",
        "RSo{?",
        "2}+S`",
        "L:<UY",
        "fm*oI",
        "S]xLu",
        "2gFSz",
        "ag|tv",
        "f0X\\:)R5",
        "60L}/",
        "cZ^)R",
        "1RpbK",
        "&&@O|",
        "<z}Y9",
        "B7zAp",
        "mDj&;",
        "NR9]A=",
        " Ka\\)",
        "q+/jC",
        ")GUbb",
        ":&NoQ|]D",
        "eq^X:",
        "hHrQ7$",
        "qm/tLn",
        "E4A-b",
        "rl|`J",
        "K}_3?",
        ")ll|B%*nJW",
        "lnJlG",
        "0Ej-:",
        "N!P?xL",
        ">NGdx",
        "uSd$}",
        "9{[hxV%",
        "?=<hT",
        "-DpXQy",
        "Tnic)~;",
        ">,K`S\\j!",
        "Gj7 )",
        "kW^DG0",
        "w(T)A",
        "7V=< ",
        "0.yx<",
        "zC *de",
        "2\\j18",
        "$Ar0<",
        "WM{tq",
        "LK.\"fhr",
        "je+\\+",
        "wM9N||",
        "r=u UZ",
        "ru-ru",
        "+VN%\\",
        "-\"fA@gZ",
        ".DJLI",
        "8>(vz",
        "N@+NH",
        "3eOgJ",
        "p=Z#~",
        "FgXv<",
        "3yX#=",
        "><rwy",
        "RhVe6",
        "+^h>C",
        "^kh9n",
        "5czBW",
        "S!W0+",
        "@_s6[",
        "ulg`-",
        "W Qg3",
        "H$fFf<",
        "G}Q}#<",
        "eXnB{",
        ";#;*;S;",
        "6a)<H",
        "}vNZ%",
        "#b0iu",
        "N^([R\"",
        "s[^JJ",
        "awE20Tp",
        "[PX;M",
        "zWCLqA",
        " \"6RM6",
        "r^F|Q",
        "%?N-M4",
        "Failed to get status static control.",
        "2A3\\3w3",
        "?|~xbh",
        "}O*W`k",
        "t!),g",
        ";8rMU{~",
        "XaePeY",
        "'h^`k",
        "H*V7FW!",
        "J>f;O",
        "jK!V;Ny",
        "X` R2",
        "xx[]j",
        "4$4,444<4D4L4T4\\4d4l4t4|4",
        "nhZYN",
        "v)Q^hI F",
        "&I/;.p",
        "+N#gJ",
        "0g*OH",
        "SZ`'/",
        "=\">0>G>",
        "`Zwgf",
        "Qr%~Z",
        "u>ObM",
        "$`3Sm6",
        "-FJN7%",
        "Z=YyA4:",
        "VarFileInfo",
        "o#,tp",
        "!]yPW0!",
        "=b8;&",
        "|F8<;",
        ".didat$7",
        "84ht-#",
        "iu26X,&",
        "#zK>$L",
        "0BP^'",
        "JlhoWEc",
        "I(_@4",
        "Y\\Q_='2d1r",
        "Q_8HWy",
        "^+h5d",
        "{\"~A@",
        "'3:_O",
        "b}MRi",
        "$UoS7\"",
        "gG!//[",
        "0+'1.",
        "_{PFy",
        "GetWindowThreadProcessId",
        "ZT]e,",
        ">!q3Q",
        "H[-1UC",
        ">b,Y2",
        "GX!gN1",
        "ar-jo",
        ":gjy6",
        "TlsAlloc",
        "^F<kh",
        "?-YGN",
        "CreateThread",
        "'U: [",
        "#c9+X",
        "*ob\\G",
        "te-IN",
        "TCAz0",
        ".hYM=",
        "COMCTL32.dll",
        "<~3Glf",
        "KuF#u",
        "Ua`Dt",
        "Rz=E)J",
        "cpaRK",
        "GcP85",
        "gzzA#",
        "uR_ R",
        "*S9HX",
        "HeapFree",
        "e4oAUd",
        "o:dSw@",
        ")>dCX",
        "@4.>_",
        "t!)om",
        "RpcStringFreeW",
        "3_hML",
        ",0) 0",
        "9)9B9",
        "6&7h7o7",
        "> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\\>`>d>h>l>p>t>x>|>",
        "`copy constructor closure'",
        "B4!%/",
        "E^&x[",
        "le8]2`",
        "5&6c6",
        "L\\DT:",
        "<g?ur",
        " I9tn",
        "<Fzoy8;Y",
        "~FUL]",
        "CG *\\",
        "+VSVB",
        "@cZss",
        "b0`|(",
        "&C=c9(",
        "\"_-}z",
        "\"bNSn",
        "ceF=F",
        "[;I83",
        "nvsuD",
        "pR@37",
        "'!X<!",
        "M98S$",
        "S\"wZ],",
        "u$YgM",
        "p?8`.",
        "*+o'9\"",
        "~=}3`",
        "!8e:e/",
        "[}gU{",
        "]j_[x",
        "hf:fAA",
        "TjBS{",
        "SetEvent",
        "f6V5D",
        "]D}D*",
        "5&f$}y",
        "jNa\"SHT",
        "MHUn0c",
        "LFb=s",
        "0_jA(",
        "T$N`R",
        "NNB/<}N",
        "ar-tn",
        "QYbLB",
        "ZTKW0",
        "0dZ]R2A%~",
        "Cv]Ut4",
        "I3oIy",
        "50ts}",
        "l7-7\"",
        "ur-PK",
        "s.LM7",
        "=[2,Vq/",
        ":\\q!mY",
        "#m7u[",
        "V%m5]",
        "rDhi[5",
        "IVgYM",
        "9@14P",
        "bbeg_",
        "Q(5)U",
        "`#J)cb",
        "v|3 %\\i",
        "5P7@F",
        "@_^[]",
        "N7f@;",
        "JVehk",
        "CG#]^",
        "_~g&T",
        "v\"{<ZG",
        "aA;>u",
        "m{.PE",
        "xBu^8",
        "Xlb$YeK/",
        "'&#36",
        "eNe&2h,dD&F",
        "l&f\"Z",
        "WOlRi%",
        "AZAZ[",
        "GetLastError",
        "`#-o H0",
        "|Jg,bZG",
        "^[xi~",
        "TTIJI`3X",
        "[tv0C8",
        "r1?!BX[",
        "d|e\\S",
        "Gefp ",
        "q.=K>",
        "9$<4D",
        "T~Cxu",
        "`/d_@",
        "R`BW[o",
        "ReleaseSRWLockExclusive",
        "1dm;z",
        "TEW*K",
        "1{NnI",
        "z_^G8",
        ">TclC",
        "O~a/RT^",
        "da0c<",
        "B||Yu",
        "; U(z",
        "I3(h(V",
        "e;AnP",
        "jVYLN",
        "7\"\"Jc",
        "L;r\\-",
        "+aSY4",
        "3$3V3b3l3q3",
        "es-uy",
        "JK1oi#V",
        "%E7&I",
        "`o*iy",
        ".R~8)v7",
        "4r1?xf\\",
        "]uSQ-",
        "\"37\\Z",
        "P+vJHt",
        "Microsoft Corporation1",
        "kc}6:",
        "-jd_;",
        "n)gSx%",
        "Wb/;~",
        "ar-YE",
        "I(-#n",
        "@6=x0zcm%&",
        "5$T.Q",
        "G9EtT",
        "(4IO\"",
        "NBL2~lL/",
        "`^-=9i",
        "&UMu@",
        "D^Rx*-",
        "cm|N,",
        "q>V\\s",
        "2,J>~Q",
        "Fi}9IL",
        "oZW-8`",
        "tE1%FikF",
        "O3H}3!",
        "5x`^b",
        "]%GQ&.",
        "HPK*#",
        "je:[m",
        "#4s[J;d",
        "?5bW.",
        "F=E@jDb&f^",
        "){YO-",
        "T?TtZ",
        "}c+]N",
        "o`5=,E",
        "*O%Q3",
        "'K[Fe",
        "dIaJs",
        "QkWSVEhh",
        "Q\\:P!k\\+",
        "EURUI^N!K",
        "K8T%y3",
        "CdU'_",
        "6;o.l",
        "}WDo#e",
        "operator \"\" ",
        "lDH<|",
        "y}/dX",
        "V<j/6J=",
        "BCryptOpenAlgorithmProvider",
        "!e1Be",
        "ZHV+#%",
        "d0&ot",
        "{x@E,2",
        "$({kV1MKc",
        "7*6Kv7",
        "}BDE)",
        "Failed to allocate extract directory",
        "%#5`AD",
        ") `DS",
        "5|N0j",
        "LocaleNameToLCID",
        "$KIm\"z",
        ";>LwO",
        "N5$M%E",
        "j(0\\sg",
        "jsl1,R",
        "j<B09",
        "tS=lC",
        "]Th)M",
        "nNJ~#y",
        "(9CzY=>",
        "dB)Vp",
        "k/Ltdu",
        "^N8Dn2",
        "?&9eKv",
        "V9&:W~",
        "`ee|o",
        "GetStartupInfoW",
        "%^1fgk",
        "jY^dI",
        "gp.(XRe",
        "Failed to allocate log",
        "yaxAv",
        ")#%AvE",
        "<shT_#mU",
        " PqbP",
        "IDeT2]m",
        "6-*3Z",
        "m:<n+",
        "L}3;1",
        "[&#$C",
        "=%K#OS",
        "4h{e)\"",
        "Td@Ig2",
        ",L#\"vcp",
        ":,Tj$1y",
        "x2(Jx)",
        "F_#]{0",
        "7v TG9",
        "7)WE(",
        "zQTI\"w",
        ":a522",
        "Qr4oP",
        "ij802",
        "8x^ql",
        "R#?v1",
        "JIo)'",
        "~ZtcV",
        "=C&}C",
        "~G43E",
        "NEP#U*",
        "t/j\\Yf;",
        ">B?N?",
        "zh-CHT",
        ",21#[:",
        "7Y)nF",
        "\\(Z17",
        "XQ!G ",
        "~HG|X",
        "5B\"_:",
        "^x+5r",
        "iD@c0[hvP",
        "?nB{]Y1[?t",
        ">pKk!",
        "0sU{^p",
        "hQ=Z<",
        "MYD9a",
        "tqBLe",
        "mVCntU",
        "*g_[X",
        "{.6HU*2",
        ")psW[A",
        "\\aHV'",
        "b@kiU>",
        "qT$#b_",
        "2$2,282X2d2",
        "__fastcall",
        "dc [Z",
        "tsy#p",
        "Np0s#}U",
        "YZ(sgq",
        "$'6CG",
        "B@f[w",
        "TtTb_",
        "ndj6x",
        "WaitForMultipleObjects",
        ")K]4$",
        "hMRZh",
        "Q<k3P:",
        "poXB9Uxv",
        "OZ]k<",
        "rglEV",
        "Skfr;",
        "Failed to get current directory",
        "C+n5W",
        "b%m|z?",
        "^&Ys_q",
        "^o_8i",
        ">!^!l@",
        "ZGBoL",
        "&}q\"u",
        "?:4&M",
        "TRiy/",
        "2toIK.",
        "?3VuC",
        "Q3-iw",
        "c|y2n",
        "R$m&a",
        "~w|/k@",
        "#CXSM",
        "jb_@?",
        "T)IDw",
        "%{^HB",
        "0lQE{,",
        "YW4pF",
        "@\"-Os",
        "pt-pt",
        "eLK(w",
        "0fY$&_",
        ".C}E0P",
        "az-AZ-Cyrl",
        "E=d#'(V",
        "1thC_E",
        "&7+;!*:",
        "&<i@!",
        "Unn`/p",
        "-4\"t*",
        "+d>$q",
        "tK-{l",
        "7=fM&",
        "&+MQT",
        "l9}_KB",
        ">*bH.]",
        "aW{YKy",
        "jRll#",
        "TOSff",
        "_#!{<",
        ">s%-`",
        "0m1gr",
        "'r`3q",
        "l\\nVqR",
        ";4Z={kzN",
        "S&m)~r",
        "WG@/So",
        "eH09)kE",
        "H[l4j",
        "1o-u~n",
        "X/k#D",
        "api-ms-win-appmodel-runtime-l1-1-2",
        "6Z@Nn/",
        "`'hrb9",
        "ZGo^6",
        "l{:#v",
        "^u@g7",
        "nMYsq",
        ":);t;",
        "~q>a|",
        "pI_:f",
        "BKMY!",
        ">>y4Z",
        "~x<Em",
        "l&H)K;",
        "-G\\d6",
        "QW,z9",
        "tL\"r]",
        "<j0BVT",
        "mtoZ|",
        "|~usQ",
        "?G`vVK",
        "YCgZ1",
        "dz5np",
        "TB>3X",
        "pH }g",
        "qEiOgq%~",
        ";=JN@",
        "3Z_vc",
        "CK \\\\",
        "o>mT|f{",
        "Q;?nP",
        "F5HT\\",
        ";?l\"n",
        "W]U`V:|'",
        ";PI{5",
        "'E6~*",
        "x+JJu",
        "mOH4.",
        "rN}o$7(",
        "VF8vQ",
        "ga'>i",
        "UFN}\\\"",
        "toyVF(",
        "`vector constructor iterator'",
        "'&2vYI@",
        "^|q-C*",
        "yor.L)6",
        "c'R>#J",
        "`OX]]",
        "n<EZq",
        "A,.hn",
        "Dahup",
        "*I7lCv",
        "P1yKlI",
        "*Keq!/",
        "PPPPPVW",
        "gu`<U",
        "HBI!S(",
        "8/i=ym",
        "'(M\\Y",
        "ye,K^",
        "isq&!",
        "X=uW'v",
        "x2%oh",
        "0=Zlf",
        "R&9z4",
        "Tj,YnO{7",
        "R9w_-",
        "#qg')",
        "rR_~>",
        "!d?K!",
        "{|('+",
        "r{#7:6Up",
        "}KFcz",
        "#/>_^",
        "FPe$*",
        "6{:-Y",
        "}t)~N@F",
        "R7[&Y",
        "><-woW",
        "_uu$)",
        "6jhTc",
        ";%^4$",
        "Kj7UG",
        "es-PA",
        " -mdn=",
        "Nq^t}&d",
        "HP|D#]",
        "i-3c~",
        "3-DHrD",
        "E$A^l0",
        "5Ph;,",
        "{Vj@rl84~{",
        "}i4Zf",
        "uK;sl",
        ";;x23",
        "3A`\"7c",
        "$Yl>U",
        "K1Z[n",
        "u4<+h@",
        "nMRNd`",
        "kn-IN",
        "\"^hi^",
        "\\,0ZY",
        "*)h2c'aA",
        "P5W5d",
        "a%=1h",
        "_co7z",
        "k-}#x",
        "U4pTN",
        "V U^)",
        "UD9W{w",
        "vj88[",
        "G(?)z0",
        "f#6QM>",
        "_r5t9",
        "8g@tb",
        "_`8W!",
        "Y-r\"v",
        "kLfS$",
        "7OGjD",
        "?a(6C",
        "[6/1{@",
        "F?aYi",
        "\\Lad.",
        "DtGHDEa",
        "`Rx~.&",
        "BEJDfi",
        "I|VwuX",
        "0oDJbap0",
        "2<='|",
        "{=9kk",
        "5D(RZ4Ity",
        "35W1}",
        "ilOFQ",
        "FlsAlloc",
        "Gw`\">",
        "N3gI^",
        "B5b>t",
        ".5F1t",
        "zo=*Kvc",
        "D))Wm",
        "bv;%q",
        "1mfGu)",
        "!Xdk8;",
        "C*|\"<",
        "w!t\"9Y",
        "{f@>(",
        "!%(t.'{",
        ";\\~w=z",
        "TaOnj",
        "tn-ZA",
        "<V=u=",
        "HZ* %",
        "s)l*6",
        "76Hph",
        "]!NRr",
        "{u,G#",
        "V|=vw",
        "[\"\"mnd",
        "g3&JV",
        "cxpq ",
        "1.H6#",
        "1X#!:",
        "gk0ek",
        "Q)v&U",
        "H\\3MS'",
        "9^2`4",
        "}$zOT)",
        "W-_) ",
        "8N#w{",
        "N[t70",
        "7(hv2",
        "&2Ea^",
        "?x+[]|YVu",
        "hy-AM",
        "hb@T.",
        "C9ayu+",
        "UL(tY",
        "&I#KJ",
        "4:4\\4f4k4",
        "XA3C|Y",
        "(AjY,",
        "?e{kH",
        "S-N.sc7P",
        "DG;DM\"\\3|<_o",
        "~tDWb",
        "yy&+#I[",
        "DuhI4",
        "^^hd^",
        "Yh`E_",
        "$}EDZ",
        "`,i{B1",
        "#f;\\JC+'",
        "(_h^.",
        ",HtOM",
        "9p^\\o",
        "BJ)Dp",
        "A7_zN",
        "}9r|`",
        "U]0COE{",
        "Ir Cr",
        "y7&/>",
        "{6!I0",
        "\">&WW",
        "~ARU%",
        "^v<vQC",
        "`3$;1",
        ".A9 s",
        "!):\\C",
        "_y5C?",
        " -:h.",
        "u?9<N",
        "Z)G^,1hf",
        "O|;p$&+G<",
        "2^5i{}",
        "C=d%O",
        "{88'}",
        "90:g:",
        ">\"Z3o",
        ")6/,of",
        "hh.Ii",
        "_EWC/",
        "RT:C]",
        "[wh;R",
        "4ud.W",
        "f{[O/&",
        "C6HJ.Sa<",
        "M->fq",
        "~|k4k2H;F",
        "qjFq>q2IX",
        "?@?X?g?l?q?",
        "}*g.q_",
        "HeapAlloc",
        "V\"9OP%",
        "; pkCo",
        "5=%=&>K|?",
        "Vh,.@",
        "xN8|e",
        " 0]Jj",
        "PfKhCD",
        "z?$p=",
        "hd'<^",
        "hGbCp",
        "o*|F<",
        "[z_u{",
        "Pzg#'`",
        "w\\/m:",
        "J<OH.",
        "YR~9n#",
        "_(&E!Q",
        "1)DZcW",
        "01H$E",
        "t|bG` ",
        "Wp7OP",
        "v<hX.",
        "`a>sb",
        "^b?9[",
        "Bc<.Z}P",
        ")c=59",
        "%`:M-",
        "qd>_4",
        "?h=)(R%",
        "~`4:X>",
        "BqyLB",
        "|s(bz",
        ")G^c<",
        "vMGSPM&,",
        ")B )c",
        "/r+bG",
        "/U~5l",
        "LV$3tRa",
        "$qg9$",
        "A]#X:",
        "_hWX]c",
        "\\1s,,",
        "|!.b8",
        "<R3PW",
        ";(/'D",
        "M|eh&J",
        " i^@q",
        "k.(Si",
        "0Zb~_\"",
        "45 Wq ",
        "ea;I~",
        "2'H&B",
        "UmNfr>|",
        ";J5#L",
        "@ja-JP",
        "lgBI04~",
        "4M(HB",
        "X]0i&",
        "m8m:ljm",
        "l3%;8",
        "3.)HJ",
        "\\D#+*{",
        "%]8oX",
        "lPWM9",
        "1pzW-",
        ":7<Dh",
        ".HjoY",
        "5ON\"s",
        "\"w<C/|",
        "#j@:\\",
        "{2pq9",
        "Y}3VZ",
        "fnH4J>",
        "Q28oR",
        "3,IR=sT",
        "w[c}3",
        "]Q^cw",
        "4N2i8",
        "eU8j3",
        " e?.'",
        "P\"(52",
        ".wP,:",
        "FlsFree",
        "9fD[I!",
        "Vv)1ws",
        "jdk?%",
        "J#CAn",
        "n9V[*",
        "0$0,040<0D0L0T0\\0d0l0t0|0",
        "A@@Ai",
        "ty-Hw",
        "vMc(v",
        "uVfC$O",
        "qgt#j`",
        "C$]3k",
        "suI%,",
        ";-syN",
        "wDI%D",
        "Zy,=M",
        "%7ua>",
        "\\PWfs",
        "v+yx_ynt",
        ";RA)q@",
        "FmdY/",
        "<#T>F",
        "t'<P>",
        "7F;G$F4j>",
        "`&HMt",
        "q)yKQ3z/U",
        ".^]5 ",
        "TW.Y\\",
        "Jw|(s",
        "vAkm+",
        "UzOZ&@\\",
        "O:N%H",
        "x|c_n",
        "zL{-^",
        "71+,3",
        "(>yLB",
        "HYKw~",
        "Phf<,",
        "Z>:95B",
        "D/{f&",
        "+=vvt$H",
        "R:vnQN*",
        "0^_[]",
        ".O8v0",
        "%8n[2",
        "`h)H%]]#^",
        "1e.k)",
        "<*\\':S!",
        "hwkO]",
        "j#*_*",
        "E}Bh#|",
        "qx_79",
        "2$,HQ",
        "j3_7:",
        "bs-ba-latn",
        "api-ms-",
        "'Q8qs",
        "S2P9X",
        "f_'ZR",
        "Esfrq",
        ")5sQQ",
        "jANE4",
        "zJ4Q(",
        "DF?!u&",
        "R^|W^",
        "i7gU8",
        "lU~x.",
        "\\uC%<",
        "hP!FO&l",
        "SetCurrentDirectoryW",
        "R#A%w}",
        "n6<S\"",
        ";$h&<",
        "*xze3",
        "@Oq&M",
        "{F-PC",
        "D?0,o",
        "ir8E0",
        "jqvGn",
        "YkrPY",
        "myf%I",
        "e!DOLM",
        "RP|v]",
        "uw(%)JxqD",
        "&rs8*B",
        "WgaWZ",
        "sY7ZS",
        "lkh^v",
        "l7gM@;",
        "U,+T@",
        "W$`g_",
        "Tkl$2",
        "$O8BG:%",
        "=d8c ",
        ")\"_j\"K",
        "Q@[qU",
        "iKyTi",
        "3+-u<",
        "~X&H6Or",
        "Gu0bdY*",
        "VJ}\"0J\"dD)=",
        "&4+Oiy",
        "GAR*=!",
        "FVSh@",
        "Q'W_A",
        "8xOmk",
        "<M\\PV",
        "g#`nc",
        "d@`sv",
        "y@J'j",
        "F;CqD",
        "kL)-\"",
        "z$p0WPh",
        ":8:R:t:",
        "tyE=8P",
        "Up!^;",
        "^rLJ0",
        "g88zW",
        "_y\\?EU-",
        "*-;^zn=",
        "= =kk(,",
        "ym!t;",
        "=I|Bz",
        "r|9)0",
        "]]EX@h",
        "$`.&VC",
        ";{O8a",
        "BjzX0'S",
        "/9/tE124h{",
        ";0+5kK^~H",
        "du35V",
        "V=xZQl",
        "rUv8\"",
        "pNVv0",
        "Jo$Vqc*",
        "D.O]QV",
        "`i_V4)",
        "K8U o",
        "~`:RB",
        ",R/d25N",
        "XL_: ",
        "5ineI",
        "GxW{E",
        "IXEO`!l",
        ">\"wF%V",
        ".CRT$XCA",
        "vqCW7 ",
        "H(KY%",
        "h((=6",
        "e:nV\\",
        "ar-ye",
        "kht<G",
        "`0^0\\",
        "6u N ",
        "0ViEu",
        "2]Y|&",
        "ole32.dll",
        "pz\"Y|",
        "E[c'C!",
        "NAN(SNAN)",
        "=F>}z8",
        "iX?cNG",
        "gLhg[",
        "BUdNb",
        "PqEb&U=d",
        "0o_NB;{T",
        "5#Xh)",
        "`OQ+m",
        "X0V0T",
        "e>@I|",
        "Hv\"5y-",
        ",+Y@/}",
        "vM<|z",
        "DAvep",
        "VGVl^",
        "3?!l@",
        "]+Dqb",
        "'puMj",
        "O0ZK;6 \\~",
        "8f<t(",
        "[,?/E",
        "2-|#D",
        ".YtXB",
        "%QaRo",
        ";m=~efpr",
        "N#wNy",
        "g>\"r2e",
        "%RfAy",
        "P3F=h",
        "p[%T\\",
        "E==2e",
        "V\"nVF",
        "N{#~!E",
        "C8w47",
        "ipou=",
        "}$sH:",
        "Monday",
        "%;t1J\"",
        "-t5*}",
        "VMFTH",
        "X M(m",
        "~F$uC\"",
        "X 1'b",
        "-3i-=4",
        "gO#N~",
        "r'4O(YuFC",
        "3W@b%",
        "}/)SmR@",
        "fgE++",
        "ZYxoe",
        "FDIDestroy",
        ":R\\%b",
        "*f>em",
        "~?1Y2",
        "=a{?I",
        "(W9Kg",
        "~Ij ^",
        "&d8<S",
        "GTx}P",
        "?&&!l",
        "'_2+oM",
        ";=FR.",
        "##\"db/",
        "BRqz.",
        "wK)kz",
        "r!;RTX",
        "y\\?k|",
        "<$<@<X<",
        "O>W'(",
        "cR3ab",
        "N);9Q",
        "t:F8M",
        "B]F\"G",
        ":D}AB",
        ":ns+lT",
        "3-YN:",
        "z1tmk",
        "=MOGh%ut",
        ")38~f!",
        "9B1L z",
        "g63Kpgj\"",
        "D+EU+",
        "q-sJN",
        "1<6D8",
        "Oj@hF",
        "p\"X';",
        "sq,Le",
        "M\\dAQ",
        "C{HDB",
        "|WVJ>",
        "GJfp_",
        "Ocs/C",
        ":)Z3y",
        "gonWm",
        "q!u_+o",
        ")AB5z<8",
        "`],HoNhyC",
        "Jz-Z@c/Q",
        "\\F_j(",
        "wKB<P",
        "~@0K3",
        "<DY^u",
        "?\";bY",
        "Failed to expand environment variables in string: %S",
        "fwm$<e",
        "YZK?m",
        "j-qQ)fY",
        "LX:6.",
        "Fh#hk",
        "M$H~{",
        "n:XO8",
        "fKD2_r",
        "FBsFn-A>~",
        "pmd*N",
        "i&<udm",
        "gpY-W",
        "WJ_G(",
        "Xd)S\\*",
        "uITpWd",
        "8ER4{",
        "ySEHf",
        "U9'2h",
        "C*B;i",
        "%-yeH",
        "JYq:|-",
        "o(mr6",
        "SBFj/_;Q",
        "*LN3<",
        "MB5=9",
        "f)8T;",
        "S(xRm",
        "$jNFFL:",
        "sU-py",
        "UH>F&hj",
        "TM`5Z6L",
        "'* r2N",
        "9C1 <V",
        "7j[l^!L49",
        "]9%FUk",
        "%Rd5X",
        "/Yk?j",
        "f_Q-tQ",
        "HH:mm:ss",
        "8:`vg",
        "h!bmu",
        "7%eBsi@",
        "`rCW5",
        "7s=jP",
        "7p$hL",
        "In_ztF",
        "q8*[W",
        "yh^(A",
        "(%H/)",
        "M#6QGH",
        "$t<tY",
        ">U![ *U",
        "P>y32",
        "YbN\\U",
        "W{q2>'OT",
        "XOD<')Ug",
        "WXHk;W",
        "~q0S-",
        ";+3 m",
        "\"D7B\\b",
        "E4};G!cP$",
        "%04d/%02d/%02d %02d:%02d:%02d",
        "FO<h?1",
        "BvWb\"",
        "=,Znz",
        "YVj P",
        "5pC2.",
        "E:T;D",
        "Bs4Gp",
        "q_*p+",
        "s>h%K",
        "sD7`S",
        "+SZ}=f\"",
        "Q#{V,~ ",
        "WK\"Pt9K",
        "}*+5ru",
        "_j!/d",
        "RumBi",
        "T[G0w",
        "p~<ZmM*",
        "gCTGd",
        "D%$MB",
        "it-CH",
        "Gos3O",
        ":)DET",
        "IiWzx",
        ",HdRB",
        "H\"o\\uP",
        "}0A >",
        ".\"J]{",
        "bO\\%u",
        "AZeeC",
        "f]Uy<M",
        "z5O=0",
        "EmNr4Z",
        "SdzPF",
        "ujc&e9",
        "YK!0DmV",
        "ml-IN",
        "_{K}q",
        ";Lo(7",
        "\\z68E",
        ":wus7",
        "1g;+zH",
        "aiE%z",
        ".9{Un",
        "Zqp9p",
        "$Lt7Pj:",
        ":$z4V",
        "K*p>NH",
        "_suHI&>",
        "%x/<?y",
        "[lVn^",
        "hD\"mHo",
        "YQ+idT",
        "\\b0+v",
        "1<a26",
        "e;svx",
        "m&@+9lL",
        "d=$Y+",
        "F@z6$v",
        "*(iNY_",
        "V|S jG",
        "O,`3<G",
        "*(j2Y",
        "W$uhz",
        "Failed to load advapi32.dll",
        ".au*>E",
        "ky6RpV",
        "GKf/p",
        "&5cBM",
        "yz23o",
        "|:>7on",
        "T~tWf&v",
        "W{+go",
        "Jax;I",
        "0889{",
        "wcS_@&`v",
        "0\"1D1h1",
        "BpS>u",
        "C6m4U0.",
        "Q''<\\",
        "Dtr Iumw",
        "6qE?Q",
        "AkAsb",
        ".d?j-",
        "Cu ?3",
        "suJ6$",
        "CN[(2",
        "*AKM?e",
        "CxyK%",
        "j=vh1w",
        "gMR5%",
        "Oou@\\",
        "E_]Hv",
        "V]XK@",
        "<<0,$",
        "\"M5,\"V",
        "3N*c)*",
        "<}z7)",
        "zqu3Y",
        "2/JZY]Z",
        "5Y5}5",
        "V/f%<",
        "000|001",
        "YooAl~",
        "Z[SjWWG",
        "Qza{(",
        "\\E~Bx",
        "b\"hK=B2",
        "&k]f]u0",
        "jVkCJ",
        "f>8DB",
        "<N\";7",
        "h|N~\"",
        "Failed to concatenate Box GUID on temp path.",
        "Rb%EBQ",
        "_Z|`2",
        "20260612075249Z0w0=",
        "5ehdB)=x",
        "f+zK|",
        "_dMyp",
        "c^\"zt",
        "~oNtgD",
        "V'Pg'",
        "9Bpeb",
        "lbM&_",
        ":.C^A",
        "I60yQ",
        "srQGB[",
        "g+<O:",
        "LrEgI",
        "}\\6[4",
        "D4xYM",
        "mcM5o",
        "the files are being extracted. Please check the folder properties",
        "FpRobj=",
        "+%:yY",
        "Bq;X>",
        "+imev",
        "<l&j3",
        "C3n}n",
        "[zI.e",
        "N&ri03",
        "838s8",
        "l[o4.",
        "1{BDW",
        "Khbo_",
        "ZvK-l",
        "4~i45",
        "XOU#NT",
        "@tkB2M",
        "r\"m7;",
        "N{V)=tG",
        ";s0;'",
        "'jn Z",
        "~8K2v",
        "G.Lwi",
        "3y&|lo",
        "VA:oVU",
        "x&&4iEd",
        "6}RYY$",
        "k7q#i@w",
        "RXr)&&",
        "GXW/-",
        ")?Bq3",
        ",bQR!",
        "e|~Ye",
        "{PP]qo",
        "a;pp'O",
        "~ex0@",
        "&EjgS",
        ".5:a:",
        "D#_sG",
        "wQ$BrI",
        "+)b~g9",
        ";-;D;P;e;",
        "!YG&C",
        "-k4CY>",
        "R!DNxY",
        "e|WTt",
        "cy^b.",
        ".;8#I",
        "/k]0O",
        "quz-PE",
        "-!X:U$Gg",
        "APW7!r",
        "Bdq] ",
        "rxw,4A",
        "X6&4n",
        "53T#5#",
        "Rwf0n",
        "ar-ma",
        "v\\&%p",
        "`,N&4",
        "a$:} ",
        "l}LdgZF",
        "O`f79_",
        "x/^53",
        "w?G>1b",
        " p*\"S",
        "uj*Xf;",
        "Efpq,T",
        "VzJL9",
        "w|H0a^",
        "sw-ke",
        "KuU,-",
        "%|[&eNK",
        "vIOsJ",
        "sUp8L",
        "n(cp_Pr",
        "qHJ[K",
        "fUIM)",
        "(y;7Mf",
        "lLt+C",
        "6eiG3",
        "cxxeH)",
        "?FskEn",
        ") @LQh",
        "?Kz0w",
        "Cj1fZLS",
        "*fE;]",
        "-=m0:",
        "$DO!8",
        "0\\pf%T",
        "w6cwW<",
        "2VU'c9",
        ")wBi_",
        "3V1\\,",
        " jp_P",
        "[=&UOpb",
        "$'o$]",
        "?{;Mu",
        "^g}[LE5",
        "#1nGP",
        "M!q<&DLR",
        "uEHJL;",
        "v1;y ZjU",
        "AuL-q",
        "W9:|mS",
        "AjcBD",
        "s/2aG",
        "rD{Jm",
        "A9;QE",
        "en-au",
        "h MbW",
        "C|)'qJ",
        "x{ 0[w",
        "lstrlenW",
        "ca-es",
        ":Xgh<",
        "7|o\\OH",
        "/X&&Dg",
        "3G/Q;A",
        "zh-HK",
        "7==2!",
        "IzH6a",
        "7ZX&?",
        "(:WJYDR",
        "]* {k",
        ")7hcR",
        "zTFTh",
        "9X3+@",
        "B$P_j",
        "lIfiE",
        "v`1 q",
        "nUpb`",
        "mfluN",
        "k}XnL ",
        "7^Xn6U",
        "4=/J<",
        "qj?Q?i",
        "\"9\\'W`",
        ".sL](",
        ";]36\\<|[v",
        "6 d^_",
        "}*tJps",
        "&:i]VM",
        "2kvw&!A",
        "{][x}",
        "|.D`W",
        "RzhJ-S35",
        "|~;SO",
        "rUCS?d",
        "[D{nP",
        "d{=~<2`",
        "ADVAPI32.dll",
        "\\~sm(%",
        "=[\\[y",
        "1X0]n",
        "L[$#:",
        "%Xu?<",
        "$dFRwD",
        "fW``va",
        "Ir|4P",
        ">Y8)`U)s",
        "cluyk%",
        "~DFn%",
        "T(8#-",
        "9zl_{",
        "/[,SE",
        "m\\4eOd",
        "K\"`]'",
        "eHv,,>",
        "q~]l8",
        "R(3]\"",
        "f{$aZ",
        "}|])'r",
        "*nm;2",
        "@gZb2X^",
        "(Q5ox",
        "<fH,b",
        "sZ8{-",
        "h,Dy>6",
        "5QLAV7",
        "8+E:B",
        "]\"&6U",
        ".f[.q!W",
        "C,9hY ",
        "w96g=wL",
        "\"GZZG",
        "sqI^!",
        "zzcDpwv`",
        "kJ (6",
        "sZG5M",
        "9~y\"2)",
        "e{;4M",
        "CrpmY",
        "_KTyb",
        "qX%|2",
        "DZ&X^",
        "GetWindow",
        "IQ4%4",
        "boxstub.exe",
        "RFyA7(",
        "llk%]",
        "wotL4",
        "]#W:T",
        "`rspAQ{>>",
        "20260611192300.422Z0",
        "EGVgE!=C6f",
        "naQPOX",
        "fl,Ps",
        "GetCurrentProcessId",
        "M*p6EX",
        "K!/kh",
        ">{Khr",
        "\\~e*aZb;\\z",
        "4Us#F",
        "y^/P)",
        "mOA)@Fm",
        "\"Jw%u@s9",
        "#@@+#",
        "WQ&Jp@L",
        "G(d h",
        "hH^.u",
        "98rf$O5IP",
        "7<x1u",
        "9LE/h#",
        "]'FZC",
        "5Vl^q",
        "k)nhfF",
        "*8[Tzz/n",
        "zOmce",
        ".\\UBR",
        "S>`^\"",
        "YIZmn",
        "J5>3^",
        "NBcKx<_y",
        "TGI]Uv",
        "?#B8V",
        "-QU'V",
        "\"5Y![-q",
        "Ke(=&i",
        "3(3L3d3l3t3|3",
        "3eFmU",
        "ui-fuWH",
        "LsRrsH",
        "8M 3p",
        "0VIyr",
        "\"si&3RG",
        "mXgaV",
        "G2so5",
        "+P6m$T",
        "oFi@h",
        "~a<6'",
        "7o/>n=",
        "j,M&W",
        "@(l_l",
        "<}<i|_",
        "#&xp4",
        "N4O=o",
        "d|qn)",
        "eE]|(",
        "QhSAHu",
        "p@x+eM,",
        "iWOnLKp",
        "-y7.K",
        "x+s0T[",
        "o7]f.{E",
        "YtuZs",
        "obwQ4",
        "Xn.7A",
        "#FYO'(X",
        "++Z.;<",
        "w_/_4",
        "hjW^)",
        "C'7Bg8",
        "RcLhT",
        "RjjJ8",
        "Wy(J#",
        "B9H9`",
        "l--0&",
        "'8PX0",
        "i*@Hf",
        "SHELL32.dll",
        "smj-NO",
        "Z|bS@",
        ",O/{5k",
        "S0+d@",
        "VerQueryValueW",
        "Z#cy5",
        "vd$%U",
        "Xo&E2",
        "[kzxi<",
        "pCv^F",
        "y&6mbG",
        "e5![G",
        "z SG;",
        "[9ggg",
        "#E^m1M",
        "a>{YZ",
        "kE3'f)?x",
        "api-ms-win-core-synch-l1-2-0",
        "Yu]Za",
        "<^>xe",
        "g-Od}F",
        "6*~Q:p",
        "mkPlQ",
        "r+GMG$",
        "ed`\\!G",
        "nF!tq",
        " {\\AF",
        "#jJ&D",
        "<HW8p.r",
        "L8.S'",
        "NQn?7",
        "L>@74",
        "*9UI6\"z",
        "6ZW(>",
        "/(3'z",
        "ar-sy",
        "787_7",
        "H~hxc",
        "!r>Zw{VQ#",
        "E5nn\"",
        "rbrhV<",
        "a,qHlK",
        "Umk(c",
        "D1qzf",
        "v>x6}y#",
        "z:<pc",
        "OCI3o+",
        " WrhWI",
        "bg-BG",
        ">b^0T",
        "0+V&8",
        ":dGb\\",
        "Failed to allocate memory for the directory control value",
        "%Q6<BE5",
        "6^7\"8",
        "LQ'1*",
        "yA| ;",
        "6`e<L",
        "GetProcAddress",
        "LB[{>",
        "<0b$3h",
        "ey5e 8yZ",
        "XS('x",
        "l45HX",
        "`.data",
        "0oJ!O",
        "1ns:K",
        "S9k/F",
        "YG(M>",
        "5*'W@\"",
        "~QBR2",
        "wi'M.",
        ".Fg]'",
        "Ff>H}",
        "{an1y",
        "L!_,?.#",
        "[UdL)e",
        "01%ajh_d6~g",
        "q =A`",
        "VC!HmK",
        "rI)`P",
        "`EufmZ",
        "ar-bh",
        "qKPX!|",
        " _%3}Z",
        "rcNs\\",
        "Sh0x@",
        "[Bay*[",
        "Q7b|>",
        "Failed to allocate memory for the title",
        "WjA+h",
        "?g(C)",
        "I,)[*",
        "+wPr)",
        "xd:igi",
        "kpWdt>L",
        "Ds9-:",
        "^|<!'",
        "6OI>zn",
        "gNCiB",
        "oh oU!X",
        "2F@&wY",
        ")b/4!sf",
        ",R[sgPVW",
        "$B;(X",
        "Failed to generate a random value",
        "6W#~Jsd",
        "=,-T1",
        "h4Vaz",
        "h9eL%",
        "_7gw$0",
        "Nmqw=Wm",
        "34-wdl",
        "uS8*mv",
        "3~Tp=",
        "hI,o{",
        "yK'J^.",
        "\"lp5;T3",
        "-6VoE",
        "N)sM{n",
        "L#Quw",
        "n^%3i",
        "$b&Q@",
        "X!L!&h",
        "5%qox",
        "]sJxa",
        "JxqqJ",
        "G9WDP",
        "January",
        "{eNG`",
        ".idata$6",
        "eiCdR",
        "Pnl.z",
        "F@OsG",
        "-l+Jf",
        "/vujI",
        "pXxhO",
        "/-l0)",
        "1F_,C",
        "b;{BJ",
        "0\\F|b",
        "`t7k9",
        "fhe-V",
        "`_$[?l7~4Q",
        "k1'o(",
        "a0f\"aB`",
        "Failed to get the text of the label",
        ".,QFk",
        "23f('#",
        ")srCf9",
        "tHUEv",
        "44!k_",
        " :CPNxF?-",
        "y%'~U",
        "Npp@c",
        "4JxnQ",
        "Upm/&",
        "w)@9w",
        "N^4<0",
        "ZGf} ",
        "tyeFjts",
        "3}/s]",
        "\"/,(US",
        " #Qs`l",
        "9[#o{q",
        "v87E J",
        "d_W]T",
        "xRZ9:",
        "+F`Q@m=",
        "<+jPe",
        "N!l^]",
        "bOV2m",
        " cE>6",
        "Jc>5PF8",
        "_f+Us",
        "Y4SGf",
        "YGiy^",
        "?Y~:|X",
        ";RiZ>B",
        "u$!G0!G4",
        "_8&YG",
        "i|pMv",
        "SO]xH",
        "OceIt>",
        "/~{sn",
        "n`v-j`ZB+<b",
        " z\\D&",
        "t!,fru",
        "yt_^?",
        "0m^2B",
        "sq!YIT_L",
        "d[j\\26q",
        "eN]\"EG",
        "`Dv@,2",
        "J\\,aB",
        "H>kd]",
        "=]q\\$",
        ">s%z%Z;",
        "`SLVk",
        "{ng2'?",
        "]A!3vW",
        "l/tEx",
        "uA%pDFO",
        "2C~zx",
        "L{5\"u",
        ":*T+K\\",
        "[y@Is",
        "e}s>h",
        ":pOgT[Ly",
        "4y'7N",
        ">s011",
        "\"2L}M",
        "k;6>^",
        "X3[nz$l",
        "QvG09",
        "|>%v7",
        "v[RDSSt",
        "\\uoHeU",
        "MJ=7A",
        "gr?Sb",
        "XYA0&",
        "n>LV3v",
        "^k2?c",
        "Hb&nS",
        "'iP*04",
        ",A}va",
        "LcVo<!V8",
        "uthBw",
        "b#Sfo",
        "sxE7L",
        "{<NZO",
        "a%'\\C'VDT",
        "/0!`JH",
        "cs-cz",
        "&g)vS",
        "X\\G*>y",
        "`DQb>",
        "*Q?^k",
        "0KQ:k(:",
        "B? z%",
        "1d<[C",
        "VH{6\\",
        ":9\"a^>",
        "}-bQT",
        "z(R$M",
        "Lz# s",
        "/AauZ",
        "ZLDG)",
        "e;*$7l",
        "8p4-Pg",
        "zG7j&`{",
        "s[C)8=",
        "nkV<Ej",
        "Uy;T_",
        "_zryio",
        "erx>M",
        "\"ux[Z",
        "\\t>ENW",
        "I8Bjz\"H",
        "43Tn]o",
        "A=:fm",
        "xjtr6",
        "`RTTI",
        "%`5@)\"",
        "I\"~XEO",
        "@_`(L",
        "J{s\\1",
        "D'BCn:",
        "?3H-h",
        "DjL+?u",
        "O-3Fu",
        "2G3_3",
        "8okiy7",
        "A:Eai",
        "t{]fmx",
        ":3D.E",
        "CDr']",
        "@\\Egk",
        "5NCe0e",
        "Xb{@`",
        "i+Vql",
        "Sw1xv",
        "/D2AQl",
        "*,4t#Ke",
        "jU^R?",
        "2X+Rfk",
        "n0>O0",
        "Qv3pSY",
        ">].\\8",
        ":SL-2/",
        "cxUAS[C",
        "!=`zV",
        "-XRG`",
        "]V7{w",
        "(5D#i",
        "QvtkJ",
        "]yjI5+XE",
        "pW\\y=",
        "yL~hC",
        "D6(0T",
        ".text",
        "JI&a]_",
        "Z7ibS+a",
        "aQ0xj4",
        "T=Hex",
        "~peZ`",
        "1h&k<GV",
        "aR^}P^",
        "HEM&T",
        "qVx9uU",
        "-eWRY",
        "a6nzi",
        "E-_zk",
        "VQWyw!",
        ">-oy`",
        "n@Li!",
        "SHA256",
        "<kp,X",
        "'x},t",
        "<[I[6",
        "5pVN;",
        "ZzccK",
        "-K\\Jr",
        "T6`di",
        "xOW!k",
        "?!?*?M?_?k?y?",
        "P{ hBJJu",
        "I_`JN",
        "d^[H ",
        "Failed to create a new GUID.",
        "fr-mc",
        "Bvgmd",
        "'@`XS",
        "h]NA:",
        "PJb/%",
        "sRG=6",
        "6}cmv",
        "tME}c2",
        "/z6+K",
        "is-IS",
        "UfG:(;",
        "dQ4JG~",
        "M+|I{",
        ">@!0/E",
        "Q%p/d",
        "vZkU?Bv$",
        "?db9i",
        "1xZ}4",
        "QfKOa",
        "+8}!w",
        "9^h/8",
        "lj kBwC",
        "{\\Z>Q",
        "'&96>",
        "9#A6n",
        "s_M{E",
        "gcf2n",
        ";Iy3<",
        "9:kt3",
        "%~&xN",
        "xqn(Jlzn",
        "tC4J=l",
        "YxLx+9",
        "?4?&$",
        "$n2{X",
        "\\hlV;j",
        "`J-[&t",
        "iCEyIQ",
        "Z=|qg",
        "#%Wri",
        "YU)rD",
        "8m6R*",
        "OUZ?W",
        "yb8o ",
        "~o/sa",
        "pa-in",
        "~~S0[f",
        "(TNEp",
        "s28Cv",
        "F.jgYf;",
        "N4,Moe",
        "yH;I5",
        "?|4_)",
        "53a+kW@",
        "U3:%MAx",
        "en-gb",
        "FX;o0<",
        "}2ZC/",
        " MfBL",
        "y4xn:",
        ":Dl]<(I",
        "h|-&e",
        ". hfR",
        "en-zw",
        "z0s=w",
        "T'.-T",
        "Y!`U:",
        "(-TXK",
        "K:[J?",
        "Kl{7G",
        "GO!4Hj",
        "y,wD?D",
        "3+(V&",
        "t6)hF",
        "bad exception",
        "9G%A-",
        "(\\\"uz",
        "dHW<Z",
        "ND~co",
        "=d~uPf",
        "'t:At",
        "V)x^)",
        "Np)a_wUz?a",
        "d:ud$JX",
        "=\"tC/",
        "y=PCS",
        ">+O&o",
        "UvXC!",
        "8F](2K",
        "Ko^wpuw",
        "d?xEx",
        "1#IND",
        "w+|Af",
        "\"|C|I*",
        "mX]m ",
        "bMC,+",
        "Failed to set _SFX_CAB_EXE_ORIGINALDIRECTORY",
        "K7(_v",
        "DP3E&2S",
        "{0.H4",
        "!fnuHs",
        "NIdwkau0",
        "o]lL-",
        "fKh3@",
        ";Z<x<",
        "QFSdb",
        "EVhfa",
        ")<z.z",
        "Bu=/|",
        "]yEtw",
        "?[Cdu8C",
        "Y\"h].F",
        "FileDescription",
        "xw!-X",
        "X8GRN",
        "M+T/`+",
        "`r5t{",
        "1w:w|",
        "_SFX_CAB_EXE_PACKAGE:",
        "M;PUV",
        "QP].A=",
        "f'+xc",
        "7Ra\"B",
        "'nG1p!",
        "%=0Bp",
        "Q$_R4o",
        "<kN5C",
        "en?cH",
        "F<-jO",
        "}&~ph",
        "?Tw>j\\",
        "CorExitProcess",
        "GetSystemTimeAsFileTime",
        "Ai$0b",
        "9f4uU",
        "3)lLR",
        "&T7+qyZv",
        "$?uZu",
        "5G1~E",
        "Yl$r8W",
        "I#]Z'6",
        "Rs4 '",
        "ogYG/g",
        "yKr y",
        "lqY/n",
        "fr-ca",
        "[f57v",
        "z7sH6",
        ":m4hV",
        "/eO_uO",
        "akugT*oF",
        "?WJFZ",
        "i=uj(",
        "oT52\\2",
        "9,8pM",
        "QWY-U",
        "3q*5on",
        "?nk#O",
        "zh-hk",
        "oOd%v",
        "bJt_7",
        "J(:*ow",
        "o+!!5",
        "LIH7:",
        ".L-d{",
        "ET:io\"",
        "`;s@I",
        "[>\"Wp",
        "Oqlg+",
        "q6`6,+",
        ";$<6<T<m<",
        "Dz~3@3 ",
        "Vvkyw3",
        "FZ\"%Y",
        "RzU9}0T",
        "+~~%|H",
        "r)Zw^Mdj",
        "(C6T~",
        "QCy[qBwA",
        "\\{w6}",
        "Tfav%",
        "%lj*!",
        ". _z[f-",
        ":'.Qmp",
        "8U&).",
        "%aNU,",
        "8z3+|YP",
        "wU\\m2",
        "IfrBc5d",
        "lU|Bc:",
        "0!\")-E",
        "|#1$~",
        "$R!Ls",
        "kzbmD:",
        "X5&xK-qiec",
        "uy6\\l",
        "Bv4yG8$",
        "9?PY ",
        "F(f9h",
        "E<yM5",
        "jy25]",
        "8'8K8[8",
        "&tkPsHq%AvW.6",
        "3vUa6&3",
        "{FB1*s7",
        "\\N8?d9",
        "EO{_N",
        "A*PfYf",
        "B(ji'",
        "VB6\"`l",
        "az~xm",
        "+*l1DvV",
        "F+r0r",
        "U4zgiVPQ",
        ":M$?2",
        "t1EZH",
        "v\\zJPw6",
        "Y]>5W>",
        "a;1^P",
        "d&w'7L",
        "rg@&P",
        "_9#G,a",
        "$K9|5gJC",
        "Q.w3u",
        "nzxwK",
        "e`/5N\\",
        "}-\\'DA",
        "k5>tR",
        "4[Urp",
        "'uQ@Nb",
        "7\"sf$",
        "'7q<o",
        "|!rob",
        "raJN;c",
        "&);ZZ",
        "LD M\"~",
        "jA?0<:",
        "zs,2n",
        "TqkZ}x4&",
        "ZYi&m",
        "ZWp110",
        "KKQml",
        "|=W)R",
        "c%CNT",
        "e&Fgg",
        "1VV:]",
        "c7_h$",
        "50575<5J5_5e5",
        ")4JFe",
        "76\\dB",
        "~Vh\"!",
        "X\"ic^",
        "p+wn6",
        ">6E)zF",
        "Gcc#.",
        "#$.7~U",
        "uz-uz-latn",
        "T55UhWNmwq",
        "'OkTJ",
        "~MDd/OA:G",
        "dC*LK",
        "?rCpB8_",
        "#G9w'",
        "iOMMyl",
        "8(8;8B8J8b8x8",
        "*1ic+",
        "lk;hK",
        "sa;jxU",
        "y+Tw[]BDH%",
        "Y#>u9A",
        "Y+9w\\",
        "8_|'}_",
        "aX8EO",
        "/`1VI",
        "VB)Sdi",
        "a|s`i",
        "IPz(Jw(",
        "8uG(2Bi",
        "+!r1J",
        "ADwRD",
        "+6 z,",
        "O:zI?",
        "-~wl=j<",
        "ABCw&f",
        "ar-LY",
        "-Qb(1",
        "5Y:F|",
        "0k<A!",
        "ZFU<k",
        "O&@YR",
        "Qat)Wd",
        "XvGww",
        "W-pi,",
        "CD{.`J",
        "$15R;^7",
        "42*0lP",
        "'+y<z",
        "t><6T",
        "@>R#q",
        "W}|e6",
        "0R+Fn",
        "uzgN)|",
        "o\\e=-",
        "ivJr-<",
        "t]>Cb",
        ":evlR",
        ".rdata$T",
        "@ FiP",
        "Fm%!B",
        "5RFK?",
        "XiBzQ",
        "@-F\"k",
        "b56~7",
        "\"by)E",
        "lGOsm",
        "ld<Bm",
        "b|,%zW",
        "xx5<;",
        "\"!fM,",
        "G7]LT",
        "6<iwF",
        "8J+* ",
        "&JK<'x",
        "-o=W\"/",
        ")K{G:",
        "TerminateProcess",
        "]e+A)",
        "raN+`",
        "-sn'<",
        "'0*</z",
        "fGX@V",
        "VzL^P",
        "CNVBm,",
        "I;?*Z",
        "**%CWp",
        "[~ft:",
        "MsV*e",
        "GQ025",
        "/C&0c",
        "yI%r*",
        "< t3<",
        "';r-t",
        "x+wmdU",
        "[&[:J",
        "8`:pQ\"",
        "P]OD_<",
        "eo?Y4",
        "Fq$5+",
        "BTeEI",
        "4[g.T",
        "dsC1j",
        "uBFn+",
        "$z)]/",
        "_<d;#",
        "March",
        "W]=?5",
        "NVU5#w",
        "nq~hV",
        "i *<b",
        "7|4%2M",
        "S).z`L",
        "_/V=?l",
        "f^R 6",
        "0?a}<",
        "6 $`#wHE",
        "!}YRK",
        "N)mF=",
        "Lw~v4",
        "D7p`K",
        "kWy8ZD",
        "j4M2Y",
        "zh-TW",
        "7s/a\"",
        ",C:/c-",
        "d1.{:'",
        "0+nbD",
        ".Z;<ye",
        "<-n't",
        "_FkV!",
        "~UVV~thc",
        "IXAUi",
        ":boDz",
        "$tiS1",
        "HRByi",
        "eycz&",
        "zQB'X",
        "FlsSetValue",
        "-[,|]",
        "n<sfc",
        "6n``V",
        ".rdata$sxdata",
        "T(u/4",
        "80VBR",
        "Qo|8.",
        "de-CH",
        "; eRt",
        "w\"rw@",
        "WQ-q/",
        "<oerb",
        "jz;kue",
        "w-ik)s",
        "FW&rLTs",
        "O!!F) ",
        "Microsoft Corporation1(0&",
        ";{yI=",
        "8%G@_",
        "d\\yf9{D",
        "+mdc0?rj1,",
        "\\FYP.F",
        "FlushFileBuffers",
        "fr-MC",
        " \\P\\6",
        "nfIw0",
        "@_KW[M",
        ">FUX*",
        "<Bo+g",
        "cB+h-",
        "Jx.9s7",
        "98Xbzw",
        "aKzOp5E",
        "&%ja\\",
        "id{nq",
        ">aqX{",
        "[kg(<",
        "? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\\?`?d?h?l?p?t?x?|?",
        "h=c'-*^Q@",
        "K&3!R",
        "XtGmNb",
        "Aj48VS",
        "3f:mP",
        "Z~0kA",
        "A\\iNX",
        "`<%*d",
        "wix`CW",
        "=UQk)",
        "Lf8A~",
        "+epX>",
        "-$[&>N",
        "K\"+F8",
        "utF3Q",
        "kaCuN",
        "Rzu+%",
        "3de?7",
        "4EBgD",
        "_hJ!`",
        "JyrDW",
        "O2C#zw",
        "S>DV5",
        "\":V'J",
        "dII|GE9",
        "wP!3w",
        "slfxg",
        "zO`|'",
        "ImzZ,",
        "?@,,Y",
        "zmI@4",
        "|]/kz",
        "jgxto",
        "!>a`t",
        "+kTMN",
        "yg|~A",
        ":_^-P",
        "sANK}",
        "pMBAxtA ",
        "~]KW]",
        "W^}0>Xk`",
        "=VM P",
        "6$6)63686B6H6[6a6o6u6{6",
        "YQb_t",
        "gD/U&",
        "Vr31wu",
        "/(%Soli",
        "e1H:G",
        "%S#[k",
        "#>n~E*",
        "f:\"a+",
        "@EAJD@",
        ".s+(*V",
        ":j/7m",
        "q0LqQDLg@V",
        "4u/eq}",
        "zzM_rG",
        "!1/]II",
        "`vXA1",
        "Fm3#(>$",
        "$JjZ<#",
        "oR^,Bfr",
        ")mlUE{",
        "c*>Qul",
        "z`9\\J",
        "%\":uT",
        "i8:K\\N",
        "G^<Ak",
        "$f!he",
        "d*hho",
        "dW1jD",
        "cE\"\\Md",
        "Yf};8",
        "Wzgl;'",
        "yTu+Ctj",
        "9{P~?",
        "ga;3C",
        ":}|D]",
        " Qn,C'",
        "O;F@<",
        "FlsGetValue",
        "!w9c*l",
        "KKZ,v",
        "a\"Urj%",
        "t{x|!{",
        "xwnQV",
        "+dG+(",
        "^8]{-",
        "r}*(Y",
        "?Y, 3",
        "[#SU>",
        "rFf;u",
        "E\"v{)HB",
        "17.14.37411.7",
        "h08.{",
        "{kR_?",
        ".[LAX\"",
        "Ldws|",
        "4L5n&GHV",
        "ZCn76$",
        "'[#/G",
        "R:MTeB",
        "ye7$*",
        "[j=cO",
        "GetConsoleOutputCP",
        ">uc4HU{",
        "J!wr?",
        "Tnn|m?H",
        "(^A.5",
        "\"D1ob",
        "lJ=T!",
        "xHvDp",
        "-9+`!",
        "8N(up+",
        "zBfYJ",
        "jtV22",
        "*-WI\"",
        "zJv4n[",
        ",~5.hq",
        "iWOV~Z",
        "r@`m3",
        "U566{A",
        "+~b{d",
        "VS@W~*",
        "W`Vr-k;",
        "Ep}j\"_",
        ">s=L)<",
        "w{e,+",
        "Va|`LL",
        "$BkC\\",
        "snqn9",
        "s0pA6",
        "12mQ{",
        "P8lnb",
        "UU,Guv",
        "`vftable'",
        "v4gw!",
        "|KGxZ",
        "Yb\\]R~",
        "w%/xuT",
        "YSm}r",
        "~DB=y",
        "XCEt.",
        "5^,C[",
        "_d>w4",
        "Fu!0]",
        "&C=\\,",
        "-o@o@S",
        "*1e!9",
        "|p17Y",
        "5Hwcd",
        "ui3,.J",
        "DbAs+",
        "QJIHj",
        "tTKFF",
        "TvL{k",
        "}t u|",
        "ihQcO",
        ";9kB,",
        "Q/'f ",
        "{ouOSz",
        ")o7CX",
        "%L0QW",
        "hO!]uiU",
        "L1(c|",
        "$*`?_",
        "8u$ \"",
        "R51B%",
        "0SeHI5d",
        "$lS+^",
        "7uyQv",
        "E'x*N",
        "$k?ib",
        "U!9V}",
        "Pn2 A",
        "Jzf\"W",
        "Sv=cn",
        "<4}lX",
        "Wf(M ",
        "<Yze)",
        "v/NH5k",
        "|O~6l<",
        "+uP6a",
        "{XB7 ",
        ")+msnG7",
        "Ph`AC",
        "^beq2S",
        " Wa6rGJ8m/",
        "j?E2T",
        "\\&v@&",
        "(}&GO!",
        "&o\\B>",
        "&0I0W0",
        "a>?x1a",
        "VVYV<Z",
        ":{f:L",
        "Ekkoy",
        "Z@y0Zg",
        "<e=s=",
        "F>cba",
        "u$_HV",
        "9N^[>",
        "Kqa/`5",
        "ABd8V",
        ":re<:",
        "66g-Y",
        "bV`fW",
        "6t@!~",
        "II,}N",
        "0>6|k",
        "L t30",
        "<j@*0k<L",
        ".C3)N",
        "Re|Na",
        "riR!O",
        "a23^2",
        "9.boxu",
        "(vZBS\\",
        "7-0|e]",
        "=$z\"\\M",
        ",4^TO",
        ".sx@U",
        "Extraction took %d.%d seconds",
        "B#3;H",
        "rw~xql",
        "fm]H1Nd0",
        "2^AY#&L",
        "x,;23L",
        "smW=L",
        "?<0\"c",
        "OF<0W-",
        "'SjW1",
        "rF$XDS3z",
        "@6/$v*V$",
        "wz&vu9",
        "Wyp(`",
        "CT(Jp",
        "rngY\\",
        "a1+4E",
        "hYY0P",
        "uhb-P",
        "{[}S?",
        "VX{QQ",
        "Wdi+C",
        "tk$(P",
        "]C[JP",
        "l8!CMz",
        "9=}Z]E-`",
        "LoadStringW",
        "5{z0O",
        ":.2AW6",
        ";6n]S}",
        "rvHE~",
        "ZR\"|a",
        "k2j'*",
        "3lhYH",
        "*TcfP",
        "2 2$2(2,2",
        "K*V/!y",
        "~xH?PM",
        "Oqs ';4",
        "*~{vTC",
        "<KaHYE",
        "-Y|L!",
        "p!;gX",
        "cS<NzH",
        "itT$&",
        "RemoveDirectoryW",
        "0> Ah",
        "9-r;0l",
        "G_5$j",
        "6EeP=z!",
        "-]U3'",
        ".,-Ae",
        "6|bKd<X",
        "DecryptFileW",
        "@Q0UQ",
        "?ckk^y",
        "^nmj<",
        "ld'nr",
        "!U\"\"e",
        "M5doS",
        "QX>1pZieo",
        "=dp@Y",
        "_:8q+",
        "[&y9T",
        "P#nCwv",
        "p^fY(",
        "fr-LU",
        "8z6To",
        "sw-KE",
        "/tu9h;",
        "o<79p",
        "a'L^$,v",
        "l:pDj",
        "abEC^ ",
        "mF3WR",
        "\"G1V4R",
        "yv0$w",
        "&b&NN",
        "Ly<Cl",
        "[<QD\\",
        "Bgvb\"",
        "gq%%L",
        "^+tJu",
        "x5:Q1e",
        "ut_PY",
        "AppPolicyGetProcessTerminationMethod",
        "qvrA>",
        "hMbN8",
        "3I5/2~",
        "Uqe$=?_",
        ":QW}9",
        "XL7N}",
        "9CZ,9FCX9",
        "s^n3U",
        "TrWgv^",
        "v1sRns",
        "{#)Dy",
        " ]F{H'",
        "*n@ych",
        "UB@hW",
        "h8/?:-",
        "6_8Uu",
        "GPG;S:",
        "BfP/i",
        "zb)oc:",
        "d)1Fd",
        "(^<1H",
        "RN% D ",
        ";4<&=",
        "!Eux)",
        "y2)@;",
        "0fW7f",
        "F.V'_",
        "lB{T-",
        "By>m`0",
        "IH}V-",
        " J&jh",
        "=g,No",
        "/23;Hd",
        "q7Z.:",
        "p%^CE",
        "2&vCu",
        "G=PVV",
        ",6Dgmxh",
        "~}=JhQ",
        "{!-|]",
        "r70i%'",
        "qtq\"x.,",
        "/=EJT",
        "b;m#s",
        "w^==3",
        "X)1tFO",
        "\"pl(u",
        "{x+LJ",
        "m5*Clc",
        "AH#pD",
        "iU<V:",
        "*x,-*)/I",
        "8*5+TZ",
        "zP!5sw",
        ";Luj:",
        "Failed to concatenate message with error string.",
        "IO_h\\",
        "xW<Os",
        "0'~/6",
        "]f(lQo}",
        "Y\\+}w",
        "f]Gr?",
        "]^rsy",
        "?a6n%",
        "RlCM?",
        "k=6-L3.RH",
        ",F6!y0",
        "t8D:h",
        "Oa:gc",
        "ckbn}",
        "_0G{W",
        "=Pw=t",
        "Hzm$=kT",
        "dBj$-0JymE",
        "6e!zSP",
        "!o|_0t",
        "GE@0Q",
        "'3;Q;",
        "jYK7o",
        "Gj8]*",
        "tt?sA",
        "/d7<U",
        "}@A?K",
        "~D0JA",
        "?[WGe8",
        "EN|k\\",
        ".CRT$XTA",
        "XB(&~",
        "U\"n]?",
        "es-CO",
        "7yE C",
        "7pugL",
        "\\];E2",
        "h$Y~?",
        "F pAB4W}=",
        " R8i.",
        ",LdM+9T",
        "Z8v_j",
        "bjVwQVL",
        "yK(U,",
        "uMf;O",
        ".boxld01",
        "VZ|x7",
        "qX2gp",
        "5&[[}",
        "WCO2=O",
        "fo-fo",
        "quz-BO",
        "Kq2uO",
        "{jF5g",
        "BM-Tq",
        "Lz]Wj5",
        "OA]TC",
        "IfVB]%",
        "!*_=T",
        "g?g~w",
        "33Ixj",
        "<i*OP",
        "j7&\"c",
        "&<a&_z",
        " er~%",
        "F6s\\:",
        "R/b9z",
        ".tls$ZZZ",
        "L3I.W)",
        ",atW4",
        "iFS6,",
        "vG&y44",
        "iXYXb",
        "lQ(9D",
        "yYCeM'",
        "7iC8\\",
        "dG_{v",
        "tB-Qs",
        "-,0oX",
        ")1?'4",
        "d*gk:",
        ".rdata$r",
        "krzrb<Y",
        ">*[t?",
        "]+`+5",
        "2#XAMw",
        "M)~Iz6N",
        "Failed to allocate memory to hold extracted file handles.",
        "*TgyzJ",
        "y8hPs@",
        "xN]kd",
        "0++N^",
        "tg^.F",
        "^Kd?J6T",
        "H,y@!c{M",
        ":0xxz",
        "G,9G(",
        "x/fi!",
        "CV4GVo",
        "LDZZg",
        "NL>dl",
        "t^y{.{",
        "S^cbLoP",
        "QCg!W",
        "#hG /",
        "`~G';awQu",
        "?_6Pc?t'Rw",
        "3x:n4G\"y",
        "__vectorcall",
        "vt[LeL",
        "<0<d/",
        "b}@X?",
        "G[|0+",
        "hS(A5",
        "]vc!l",
        "-^lOS",
        "h2P;wh",
        "<wgU{]",
        "o0odd",
        "ss:JcHS",
        "en-us",
        "%:b]U",
        "VVVVV",
        "\"]5%N3",
        "~9@/<",
        "5~ri+",
        "de-LU",
        "ks5;3 ",
        "270415185943Z0t1",
        "IKT^4iq",
        "GU%WyO",
        "^}Nv_",
        "/7|_Qa",
        "'n6q+",
        "X-{Q.",
        "\"p8WeA",
        "}4d,?",
        "sf\\|??",
        "b:6B&",
        "8fAy[2",
        "qQB^o",
        ",m#I&K43",
        "v`/O9",
        "PDQ/H",
        "L#w?$",
        "vtwrf7=",
        "[M|>K",
        "*{/UY",
        "_1Aa'Y",
        "&W?wG#4C5@*",
        "_?HUuK",
        "LHOp[",
        "IFrxV",
        "*5Bbq5",
        "olyx*a",
        "rmB,*",
        "[PD5)",
        "#}!;o",
        "vVZS2",
        "^Vd'c",
        "pZ#i]q~",
        "\"CPP}",
        "o_Fmu",
        "MBGf^ff)",
        "JCGl@",
        "knHt@",
        "vD'4\\",
        "p}AJ6;",
        "e}X\\CJ",
        "w3&zK",
        "R/rHh",
        "=xXO1",
        "DZ49B",
        "xl^07",
        "~D@<HC",
        "!)]$@",
        "&PTRB",
        "8[L<!",
        "9{(UPH",
        "S>O*%$",
        "iV:%5W",
        "?`T`yr",
        "8K8R8e8s8z8",
        "d,!;\\`",
        " `Y<*B",
        "*\"' *n$",
        "->IsU",
        "|fn>T1\\",
        "{ sL4",
        "L<Xm|",
        "89:a30",
        "etqTh",
        "0bklL",
        "HlKf08",
        "0l%Y8/J ",
        "];Yb)",
        "3-3V3p3z3",
        "xyObj",
        " F/ES",
        ")Q.l3;",
        ";d2SN",
        "ys~dM",
        "ofh##",
        ">^o$Q",
        "=3\"M ",
        "2 IsO",
        "oy0gZ",
        "asP^Y6",
        "6=z(C",
        "}gTE?",
        "7JB(0",
        "ZEM</",
        "4wFF)`",
        "aP2J*;",
        "&=`Q>c",
        "uSr}:bR",
        "CkRZr",
        "]aY1$n",
        ")oC=-v[",
        "< <@<L<l<t<|<",
        "o&+C!6",
        "+$`P@",
        "B\\<rr",
        "2tYFL[",
        "kj=p65",
        "A3%]Z",
        "H\\X,9",
        "a(^>p",
        "RPD@/",
        "hfVI ",
        ">U0eZ/",
        "^?EFZ",
        "hfY@~|",
        "C;lHvqF",
        "9^|~!;~pt",
        "W#6rh,s",
        "t&>sFGi",
        "V9 Un+",
        "ntdll",
        "otygj",
        "qS$F^",
        ";=pcw2",
        "4;E0C",
        "Cr0TjN[(",
        ",E:x$",
        "l-[ Y$Nn",
        "j{FYq",
        "<j*Xf;",
        "b cFG",
        "[du0U",
        "$,=U{",
        "+=mAn",
        "XxF-o",
        "uSSSSj",
        "kyhz4",
        "/O>\\A",
        "Io^9o",
        "]=D,G\\",
        "~=:eN",
        "M>Hys)",
        "'lR%i",
        "kiEu_n",
        ";{:-F",
        ")Bn4B",
        ")bv9q/:_",
        ";h^%O",
        "(t.\\[iZ",
        "t^V\"s",
        "mnvfz.",
        "6_gFG",
        "Failed to set _SFX_CAB_EXE_PATH",
        "[4p=*",
        "6t_=b?",
        "*9/gh",
        "e\\vXt",
        "RegCloseKey",
        "|S'OcNnU",
        "5mG^!AN",
        "R5v.)",
        "}tMmtObxh_",
        "WoqK`",
        "y'a;]",
        "Am|nv*",
        "!vXZdK",
        "!jeE.",
        "VvK*Y",
        "%hr $",
        "fr-be",
        "0+.>LE",
        "s_/O>#",
        "Microsoft Time-Stamp PCA 20100",
        "^BKEW",
        "n@b=)",
        "N6;*N",
        "Z#1h*}",
        "~2\\XyC",
        "|z**HJ",
        " D\\be",
        "'Q6E?",
        "2^e{3",
        "G5LE\"",
        "i]E>F",
        "-{zZR+",
        "i:/`1",
        "zx%n6",
        "b;Rdc\"",
        "t*w[_",
        "OzwjZ",
        "oue!(",
        "xvN Q",
        "|`Xsy",
        "{Pudfz* }",
        "1/0-0",
        "tJw5#",
        "VYY,]",
        ". tw*",
        "EA6-N",
        ")32XW",
        "?L)=.",
        " =\\tHuH4K",
        "Hg2GR",
        "Nd,E!",
        "SetStdHandle",
        "P+%`)",
        "|q0Bf",
        "99{dr",
        "e6j,h",
        "UDLR4s",
        "y#x0_V",
        "=$=?=N=Y=^=c=~=",
        "2.#4p!'",
        "\\hS_I",
        "O_gJA3",
        "R{Y-u",
        "__COMPAT_LAYER",
        "PkF&&h0",
        "/vw0$",
        "W=]{G>",
        "9jni,5QJ2",
        "Sw#0<r",
        "R4wdJ",
        "`Z1h\"",
        "u8gyE",
        "/hv!j",
        " rkKY",
        "e\\:,g",
        "z$/lr",
        "vMs@%",
        "i+'B'",
        ";3gj#",
        "lt-LT",
        "d<gn[rCYa",
        "=@/,=o",
        "G/HrO",
        "WOZLCf",
        "`k78QM",
        "pEO7R",
        ":I992",
        "1eUm^",
        "dMD4@!Q",
        "|oXP/",
        "es-pe",
        "@4M#q~",
        "OE7D]",
        "*@-PY",
        "[Y`z=",
        "F>T6H",
        "8_IQ*",
        "VodOx",
        "JA3,x",
        "Fb6\\X:",
        "V-ywC",
        "R5!gn",
        " _>_L",
        "r|x2T",
        "N#E dT",
        "$/ k|",
        "6j(71",
        "vPL*S3~JW",
        "J<2@&",
        "V yC_u-)0L)",
        ":!8m)",
        "f%Hihk`",
        "February",
        "O15fU",
        "2rklG",
        "240808205418Z",
        "AbnN;NA",
        "IMGA#Q%",
        "\\G)A3}/",
        "ZrefA;,",
        "3CScNz",
        "##I%J7",
        "kVlU(",
        "O$=J(",
        "p%e-\"",
        ",5T|K",
        "i_yU|",
        "0%n(D",
        "g'QG4",
        "*1%`j",
        "-1ezA",
        "3P!JP",
        ";$;,;4;<;D;L;X;x;",
        "!z`C[",
        "LyCn4",
        "HUVM5NN",
        "RfI8}",
        "jA\"9 h|",
        "#3+=,",
        "iHC]&M",
        "]IFd*",
        "Mccu+",
        ">yI4l",
        "HlH49",
        "iX_O3HU",
        "J T_r",
        "j/Xf;",
        "{m)CIr",
        "vV.??",
        "J'|Wu",
        "'B-P53",
        "ALto^",
        "H]OTZ",
        "Q0$yK",
        "9.3^f",
        "GetTempPath2W",
        "psN&p",
        "4laq'",
        "Xq9seB",
        "Y))W]",
        ":j:t:",
        "iK(?^",
        "2kNX5",
        "hu-HU",
        "{s}u(",
        "pCR]z",
        "6wmpD",
        "{g_fwKg",
        "GetFileAttributesW",
        ")!IwZ",
        "'9p*[_",
        "1E8^+",
        "}sVF\\`",
        "BAfD#k",
        "VrM;}",
        "ET (Q",
        "S3_u7",
        "QZ{Z8",
        "kisB=+",
        "nlx`g",
        "|qy&f",
        "{>Ahx",
        "8j/C<",
        "OfU:)",
        "jp_}vT",
        ".O[Q6",
        "E} \\>T$",
        "'$d<Ia6[",
        "\"9%9N",
        "{wVd_",
        "~^yz$",
        "\\T[>z.",
        "%6RE\"",
        "=6L84",
        ",!\\7J",
        "[ebzSi",
        "wL_63",
        "*@d13*",
        "'6q&L",
        "lO+!)",
        "yid^.",
        "F'Z.~>",
        "u!rmM",
        "zr3Pp0",
        "wgES.*",
        "X@NsY",
        "C6{rdH1",
        "q;x[Mbxn",
        "g#15_j",
        "yStEmc[m(1",
        "(NS/'`",
        "6CX)|",
        "hvc-s",
        "rbf;u",
        "CCu,i",
        "]B}/k0y-xfs",
        "DjXqv",
        "4l1s9u",
        "{x+P`",
        "#Y;qu7",
        "${ujD>",
        "__cdecl",
        "^q)Gb",
        "oY@M-Bj",
        "t%%U?",
        "-;V@{",
        "N;TO9",
        "#w/H6",
        "zh-MO",
        "KRp{UB",
        "y@4Vd",
        "lf%o,H",
        "HMC>f",
        "\"1IXVU",
        "B>/6G",
        "vnd:-",
        "JvMi4",
        "5<kdl8",
        "C#q25",
        "s@0-QV6",
        "NwzOH\"(",
        "2a2p2",
        ":OY87",
        "il,Ql`",
        "M=>IY",
        "Zes]R",
        "         (((((                  H",
        "[pMmJ",
        "Q(;bi8",
        "u(+bN",
        "ISabQf",
        "y8)5S",
        "xa'aI^Y",
        "6dvHh",
        "\\\\Zk_j",
        "?qQ`_",
        "WGq+,4",
        "&[{x\"qRv",
        "6a3dP",
        "hR0Q3",
        "D;l>&",
        "d(e=d",
        "G;{l|",
        "j~I{(",
        "-#^WA",
        "-CAY\\",
        "C^Pjp",
        "(mbM6",
        "LfW3wS",
        ")TVsNz",
        "^crl=",
        "Ou^g5",
        "fPQ;3",
        "A5hl4",
        "x~G;{",
        "DosDateTimeToFileTime",
        "=z1o&",
        "?\\=/L",
        "frZ-C",
        "_Ojh(",
        "utT/}",
        "jsv?r",
        "_nWYH",
        "nFHLv",
        "OYW^H",
        ">qTWbp",
        " `4FP",
        "<VsCf",
        "E{])xX",
        ";'1z53O",
        "SW&k[",
        "X&(?m",
        "EzIF'",
        "#z`%9",
        "WC1x^N",
        ")6gfj",
        "s021~",
        "7 _<!",
        "Dt K=:C",
        "`0@O\\^",
        "j`:QE",
        "/'p+]N",
        "XkOm7",
        "~xW\\.",
        "%\\7)V",
        ";hKB$",
        "cyQ['",
        "rwL+h",
        "#$MKDec}u|",
        "RpJ96",
        "<&<b=",
        "hf707",
        "~ic]!",
        "j#w^`",
        "\"c^j>Y",
        ":;:Z:",
        "R8WKW!",
        "Failed to create progress reporting initialization event",
        "{o/nB",
        "i_`a*",
        "s:XJCD0",
        "qIl>j",
        "')q0n<`",
        ".m ^%",
        "8;-P1",
        "6{DJr$",
        "#|'.d",
        "zh-SG",
        "@=17M",
        "PZ= k{",
        "f.'QPp9l",
        "QjDn&",
        ":v%-~",
        "(V^$3",
        "*&>|I:",
        ";?BVUy",
        "YxfF7(",
        "Bq#i!k",
        "<{jDz",
        "2%2?2F2Q2X2g2",
        ")4<{$",
        "EW!O}",
        "e}\"vtn",
        "q% lMa",
        "CG7}Z",
        "ixb6g",
        "9~^u{",
        "C8=#s",
        "SEfhI<8_",
        "{'SO}",
        "}#\\}14",
        "H^0f?",
        "/RHmm",
        "SAiWsz",
        "|m}d#hA",
        "!uJ3#",
        "RnhUq",
        "nW|-t",
        "mO]7V",
        "8ttOy",
        "~duy\"",
        " ,<3EA",
        "}k,a8",
        "O>XX+w",
        "VO'3*",
        ")!}O+",
        "fM_EK",
        "U:Ht&7D[q",
        ">sBF4",
        "`v24>",
        "RZ{qw",
        "es-ec",
        "\\'gTR",
        "|p\"#3",
        "]>!h<",
        "x0C;^D|",
        "IKIn0",
        "C7;R9",
        "%p/\"-",
        "z Y[TFu",
        "(=OZr",
        "BrP6 N/",
        "_LP0}",
        "_Iy`3%",
        "28tm\\",
        "FW\"{eT",
        "EsrLLM4",
        "7*7U7x7",
        "Pj$^V",
        ";S(}#|",
        "mN&Pzo ",
        "?_uAkog",
        "NNWb,",
        "znt.3",
        "lv-lv",
        ".*'x ",
        "7w\\~_",
        "s$qSv",
        "3^n&D",
        "m_^)Q",
        "h\\iD0i",
        "~q+lb",
        "e))\\V|Hx",
        "pa4 ]",
        "d`@lz=(",
        "9_r$W",
        "_gagQ",
        "m4s_7",
        "h=6~uC",
        "Y'>'dx",
        "P0Z)5",
        "kmb}a",
        "nrhTK",
        "&y:Nx",
        "z>1Ht",
        "3~cKN",
        "${( /",
        "Uk#N>tV",
        "q%joS",
        "vJXWQ",
        "fWk=41^",
        "9o_&A",
        "pj;3<",
        "(4S|;",
        ")^,WY",
        "x/cpPN",
        "es-EC",
        "fe@_S*c",
        "c`t]A8",
        "6N?>]",
        "0!Csz",
        "nk!EF",
        "tV`~p,",
        "xa%)*",
        "euHRS",
        "^xnVp",
        "t!vJ98",
        "g''W[",
        "]RG']",
        "6A5`|",
        "aKhRv",
        "2hN?x",
        "2tYuG",
        "P4r4-4",
        "LkiOo",
        "{]&drq",
        "K\\f=L",
        "\"jBdA",
        "+^g;9  ",
        "]d3V<(s.",
        "//aOgz",
        "2~jdy@\\",
        "thqvSx",
        "'?0aY",
        "3l5,i&",
        "dCP5PJB",
        "%b\"N%g",
        "E*TeX7",
        "j5=)E",
        "Rh @4",
        "`placement delete[] closure'",
        ")v&!c",
        "NMDMRK",
        "QiRDG",
        ".text$di",
        "5W9Gf",
        "s\\+JLX",
        ".didat$4",
        "fB\\@Al",
        "lMCRC",
        "nlaj~EO",
        "af-ZA",
        "IRm9OA",
        "wT'Dd)",
        "]^*'@",
        ">55+D4",
        "}HJ@h",
        "}L>/W",
        "RO_rF",
        "G|0FC",
        "0a#_/",
        "Aj:8U",
        "W7yR:v",
        "&s\"DH;,Z",
        "g%!^1K",
        ",^zr1",
        "c/g%`",
        "6tL|V",
        ":(:7:H:z:",
        "90bol",
        "iNbHU",
        "6E6W6a6",
        "VS^`{A",
        "ka-GE",
        "H\"[<%I",
        "o~=}\\",
        "EJNyI",
        "_\"QGOu",
        "IJA,2(",
        "6`NvlsL",
        "B/Ep~U",
        "BK*.~vl",
        "Lr-tx@",
        "h^^LL~$",
        "D~!]Jy",
        "'Hqk@V",
        "GxS}'",
        "Y[Hh/s",
        "(1\\e9s@",
        "^7fI(",
        "1,/tZ",
        "mn-mn",
        "oGej_",
        "N@{< ",
        "r=n>[",
        "T26TdHW",
        "V+V5l",
        "x<tE_",
        "93_;R",
        "`x+H?6(R",
        "}=]E&n",
        "AjEmE",
        "wy|UM",
        "6r&KQ",
        "~9FLr",
        "hG|oYl{R",
        "Fay~w",
        "&wnh`p",
        "=J`zU",
        "O~!m8",
        "4.Pn\\",
        "3A[LN8o`",
        "Fa$&]",
        "{woMI",
        "6:[gx",
        "!26Gqm",
        "pd.<4",
        ":?4[T",
        ">FM%p",
        "x4i\\\\",
        "TIi:1",
        "k!;^r",
        "K Km}",
        ">Y]i m.x",
        "9tkmG",
        "UXI<M",
        "Z:s`]",
        "ar-ae",
        "oMcPJ",
        "cou]E`",
        "%F\"3o",
        "m@Ap[",
        "s0(R,",
        "(PF?d8",
        "!P\\H}",
        "^,^<4",
        "^(`9#\\",
        "MnveLx",
        ")KX+o",
        "\"$(Lan",
        "Cancel",
        "\\AFij",
        "!XuDK",
        " zt5$S",
        "Gzq<\\yW",
        "'(U;V",
        "L-AY%",
        "zIJ}b",
        "\")JZ8",
        "LY_,Z<OG~",
        "7},NA",
        "p)VH,",
        ">V[MX",
        "65e\"E",
        "L2)in",
        "9,JW~O!",
        "$DbG]",
        "}0hZ6",
        "w83ej6",
        "f<d5g;",
        "XZTz&",
        "X-0S5",
        "\"C=7l",
        "mWbFI",
        "2*M C",
        "+vdv1a",
        "*](3n",
        "Ldg/v",
        "o`d~@R",
        "9$91L",
        "cI[eT",
        "Nou!4",
        "\"h7<K",
        "SMT$.",
        "<#<*<1<8<?<T<[<a<",
        "2T2T?O",
        "Rh9bnq",
        "O\"->9:'H^",
        "Y,<Bm",
        "Failed to get the directory control.",
        "blLOJ",
        "fY7|*",
        "m%1}T",
        "&TM`K",
        "8]6lX",
        "owsyio",
        "](1DE",
        "l~#L#",
        "6~L|%",
        "y8`&e9P",
        "7|8Ud",
        "{jE--",
        "$oNOT?O",
        "&AK\"RX",
        "rT:'+Y",
        "@0g\\C",
        "@qazG",
        "6F6N6U6",
        ">+H3MV",
        "U\"+X7-",
        "Xg5P>-'",
        "=Bk*o",
        "|y='&",
        "yPeE,",
        "4xI7I#;",
        "8N|:~",
        "YDpDC",
        ">N>r>",
        "CSJA =",
        "W2kM!OS",
        "];NGe",
        ";n\\)01Dm",
        "nE8A|M=",
        "}{!*y",
        "`X<.z",
        ";Rs=/~D",
        "Bvph'",
        "c(p6?",
        "#CmI~8",
        "Lz9>8w",
        ";-YWBZ",
        "'RG( I",
        "y-aesq",
        "t~IaF",
        "/#gMtYT",
        "se-fi",
        "4|Q~D",
        "*.vdoi -",
        "H22-u1",
        "l3ip+",
        "E6\\k5",
        "<*\"-D",
        "E ^PQQQQ",
        "!+$96",
        "G\\#.f",
        "cq{i|g&&",
        "rp'c\\",
        "sbRjQ",
        "-ENE|",
        "/Ma3'",
        "$XZfK",
        "e+1Ay",
        "'MUDH",
        "|\"&]0S",
        "*691x",
        "Zd~ C%T",
        "J&#NG",
        "W]<PF",
        "Z|gC{!",
        "$Mo\\[H",
        "j'Xau",
        "={qz[",
        "Tbi/%s",
        "HaBHe",
        "Pv!:J",
        "Z7b^<",
        "s\"-m]",
        ":SP.\"",
        "]V'&}!",
        "S.k'c$q}",
        "cIpTv",
        "=wP#{P",
        " Gx~:Tm1q",
        "h|;!o",
        "4ci}{",
        "accessible and not read-only.",
        "2Suk_",
        "wzLSG",
        "tno6$U",
        "r!SSPVQ",
        "Mmgpz",
        "]N&rD",
        "FrqEy,",
        "6Ti{1",
        ">iNCC",
        "|J}V>r",
        "j?]oV",
        "qlJ/]mC",
        "$A]=\"+}",
        "*kW\\M",
        "*DGtv",
        "]rX\"}",
        "[]3c5",
        "Z+:1gb5",
        "9}[nTJ",
        "pTJRZ",
        "f:A5u",
        "`B([\"",
        "z\\OY7$",
        "rcP:?<",
        "/-juG",
        "H2i1k",
        ":=;N;W;^;e;l;s;|;",
        "=zj0_",
        "ryR2S",
        "+,lQ6$",
        "3e#JpH",
        "iDBRC",
        "G0?KP\"",
        "s[8&x",
        "'*<G_wy",
        "Y\\V+D",
        "P/W*t$",
        "}=b8<0",
        "&S|9a",
        "Q?RlAP5yw",
        "jr3a)",
        "KnkEE",
        "hJN?I",
        "|mP'A7",
        "],'vrK",
        "*I&X,xxx",
        "VAJ4Ip]2",
        "R:/g:",
        "{\".upL",
        "Ua*/oW",
        "GetExitCodeProcess",
        "W{7*8j",
        "Ci=p7XSN",
        "3,d{Ck",
        "b'`i.",
        "-;|~!",
        "l]>(lau@",
        ")3k;H",
        "7pPS ",
        "_f#gg[",
        "/k#vH",
        "r*w`'",
        "7-mP@\"*s",
        "\\tz+x",
        "ocQ&zN",
        "occ^t",
        "\"3WR{",
        "\"[fa|L}hr<w",
        "&]zz5D5:",
        "]J,Hsl",
        "D_% rkxR",
        "1LY/4",
        "j*w{S~",
        "x l|m",
        "SCG|Q",
        "NQi^=",
        "/b!AIJd",
        "-nup$@]*",
        "Q{ygI",
        "!7?$<",
        ",+%\\@",
        "7%787R7a7",
        ".F i7",
        "\\g_WX",
        "ol`v@",
        "JpeQk",
        "{#JB}%De",
        "0CwEi",
        "Mzux1",
        "([|f/",
        ",:hk1",
        "}._F#",
        "/*awR",
        "t/Q^-",
        "=(<}s",
        "uD<pB4_",
        "BK+o-$",
        "b*@_:",
        "+M2R~",
        "eK3Uq",
        "9!:9:>:",
        "ZgL-H",
        "/^aZKc",
        "h/Ne0J",
        "}Ir}f",
        ">,><>L>X>x>",
        "A~[Edr",
        "2jj,w);",
        "'6h,O",
        ";3K6mJ<Z",
        "!bYrb3",
        "jt>o=Lw",
        "ck`BP",
        "$Vd_\"h",
        "5I]/`",
        "nan(ind)",
        "rf$#7",
        "l<)@N",
        "9'yfy",
        "{2xuR",
        "[GXs7N",
        "=d.ep^",
        "Atdjq",
        "|D2PB",
        "5_,|0",
        "'Gn'xG",
        "mX{ }=n",
        "nvL=-",
        "p6V~N",
        "|q<G+:",
        "m*!ks",
        "\"\\2J9",
        "@RMtb",
        "g,>\\-f+",
        "70(,2",
        "zu@K2",
        "6 6(60686@6H6P6X6`6h6p6x6",
        "3B)L_'Lf",
        "p:u{4",
        "b55;V",
        "^ rJ|",
        "[r0[Z",
        "h925<",
        "7QM5R",
        "|$}G[",
        "RVdJY",
        "Webe~E",
        "tr-TR",
        "BOfs@x",
        ";GobwbM",
        " KWuZ",
        "$RvUq",
        "V8ZH;Ck",
        ";N>Xx4?rOk",
        "-YvC~I!",
        "pMJn ",
        "|K +Z",
        "2H5eWT",
        "7t9L\\",
        "b B`Y",
        "FUZ:rg",
        "tD^sA^>",
        "rJJeQ",
        "JLHk^<SK5x/",
        "1T+b`$.",
        "h<tC~",
        "9q,g,",
        "*.7~4",
        "N1XuX",
        "lEhUPb",
        "Jms3Y",
        "-IN?#)",
        "Z~44^b",
        ">XHk)",
        "WgV\"_&",
        "<6`Eg",
        "5X5f5",
        "mZ'*wf",
        "P0r6'",
        "#|~@6",
        "sRc-@+'",
        "|i~gT",
        "es-UY",
        "&,)TKr",
        "t;_?-",
        "1B24Li",
        "X`9V,",
        "u?\"Bq",
        "vn=6s",
        "Failed to open the box",
        "4CjyT",
        "(Za[D",
        "\"_^dK",
        "H:+It#JaM",
        "\\,.38",
        "'OE<]",
        "Qzu,_",
        "Lwa}5",
        ";Iu`^",
        "3U3t4",
        "uZbM ",
        "=<fbuC",
        "a/^zq",
        "sr-BA-Cyrl",
        "(aUpV",
        "fr-CH",
        "I|fT-",
        "oj~X~ ",
        "%OcQ;w",
        "f^4_8G%",
        "p!?.Z",
        "b6P=,Z",
        "o\\$fZ",
        "J/o#*",
        "F$Ia$d",
        "/\\&CT:",
        ";m8_Q\\sSb",
        "E:Dtk#& B",
        "<#6Rm",
        "/t\"R4I#",
        "1gqf86",
        "Y&k^iC*z]HX",
        "%K6i<",
        "bJGFE%;",
        "MultiByteToWideChar",
        ".?AVbad_exception@std@@",
        "4W_y~",
        "D*!yP9A|j",
        "<$<,<8<X<`<h<p<x<",
        "-IWjSCo",
        "R-9=S",
        ">?Kli",
        "6 1E?j",
        "{^eNx",
        "htd+hx",
        "en-CB",
        ">P>\\>",
        "U(ycX",
        "GsB|A",
        "i\"@X-",
        "@F0Qsq!",
        "aCJ\\k",
        "`C9Qu",
        "kEUVWwsWMj",
        "\\wUA}",
        "@J9,h",
        "%`h{gU",
        "GT\\8i",
        "EC|F_",
        "`K^N#",
        "`O]v'",
        "<<NbkI:$",
        "|g57hx",
        "R,hEX]0",
        "00'NZ",
        "N06F(",
        "Fxc)r",
        "Ap-~xGCY)R",
        "a3v;Cp^",
        "g3q&A",
        "$}0YB",
        "4!4/4;4G4[4q4",
        "Z/d&k",
        "~V?nA^b+On",
        "zz^Tu",
        "]2t}!Ri",
        "#/Vrz",
        "OQ-)1",
        "EGkj%J",
        "U_<;9",
        "1MN7F<m",
        "HRijN}",
        "%e}Nh`R&:7",
        "=A1j:",
        "<ItC<Lt3<Tt#<h",
        "tC$g9\"g:",
        "H;[YP",
        "pLG3-r",
        ";~k6F",
        "4UY*i",
        "qJLj|aj",
        "!HIM]",
        "BCryptHashData",
        "!la<~W",
        "CLBs4",
        "hjGG=]O",
        "l8$z#|",
        ",juD0",
        "5^|eJ",
        ")>g#Jp",
        "vd=;&S9",
        "T6Jt(C",
        "0G0N0T0]0f0",
        "ooUI3T",
        "tak8r",
        "uQs-a5",
        "L-aa;",
        ",)Il,",
        "u$f:V",
        "K\"HhO",
        "tpv0M",
        "E10f2+/",
        "i/1]\"%",
        "2XX$6HN",
        "j>5<F",
        "tFeuT",
        "&m]$[",
        "Dl%[I",
        "^R$.N/A\\",
        "ZAu+S",
        "hhf9[q",
        "W8>>Od",
        "-6K5/K\"",
        "Ig|YNV=\" ",
        "U@K(p",
        "5:6@6M6X6h6",
        ")U+RADg~",
        "J1K)e",
        "=kfEb",
        "Z`^Pl",
        "c75IS",
        "FDICopy",
        "C6QZ#",
        "06.?]",
        "7$7*787V7o7t7",
        "1ectn",
        "itfZe?",
        "!Nx\\n",
        "wY*-v",
        "LkD}^",
        "UuidToStringW",
        "(^%(&",
        "tQ_A6^'VQ",
        "YXs+^-z",
        ":k*;6",
        "FgMyQ",
        "KqQt[",
        "0zmo ",
        "FileTimeToSystemTime",
        "KZ\\r/",
        "#O$8G",
        "2;+e05",
        ")-cLM",
        "B>U6]w",
        "}Mf'a",
        "Vv31 ",
        "ExitProcess",
        "7wZ]x",
        "2N3J/",
        "Y_[^]",
        "uNp3w",
        "[2(7wq\"C",
        "Or7#63",
        "`5-B\\",
        "$BWa1?",
        "3GXxVA",
        "JdD<cIx",
        "x@\\s?",
        "n/`Qu",
        "?yO(Mk",
        "x\"jeR",
        "Hw{S+",
        "CUzX H",
        "r~oc?#",
        "87O+l0",
        "0-0N0[0{0",
        "UN@Q:r",
        "dHkV;",
        "@N/~D",
        "wtX<~X|",
        "9 rZj",
        "_B<%)",
        "ev1~`",
        "iz;]Y",
        "L*xT5",
        "*g0%1",
        "-Dx.&",
        "b\\s=*",
        "-qj'6",
        "}U6Z{",
        "^!~u+~",
        "9%9*9C9M9R9",
        "kt,[dk",
        "Da$8V",
        "NGBhV",
        "jg[jG",
        "Vht.@",
        "~_[%x",
        "nlzS.",
        "-0a)3u",
        "g+V~z9",
        "~~?w=",
        "nUK6X",
        "+K!_0\\",
        "0M]wS",
        "Failed to get error string from error: 0x%x",
        "1hCj{",
        "a>6fycS",
        "G;b!/-w",
        ".?\"e!",
        "\\|vZE",
        "-GVK`",
        "Ax2vh",
        "[M)\"p",
        "*NiOK",
        "CHN0U",
        "rM$e'",
        "E0iy[",
        "r^oQJ",
        "7>1sYLr",
        "4(h@.",
        "^lA?,>",
        "1hbI0",
        "sS82y",
        "j!6#D",
        "]_Cw?",
        "y.7J?P5",
        "#\">O\"",
        "*P\\8J7x",
        "=v[ks",
        "fd>n2",
        "p L-l",
        "h*/@'",
        "Xe?1X",
        "(VyXX",
        "pW(5cnR",
        "Mh]f@",
        "0OwER",
        "E'Cf0",
        "_|VN+",
        " S]%w",
        "?'Av\\",
        "W}aZT",
        "UTL+W",
        "hAk.x8",
        "^2E8;}_4",
        "\\;YZG",
        "=kmmA",
        "{7hX(",
        "y*8DT",
        "h`Kr<l",
        "->4o{:",
        "pa]d~",
        "-[a[-",
        "WI4/; ",
        "bTTZ-",
        "-O5i0",
        "xJegl\\ $",
        "3MKgDd",
        "{/mw=",
        ":24lUF",
        "u]@iB",
        "\"j-C*dq",
        "Kte0e$3",
        ")7jN{'%O",
        "3,:$i",
        "o)hUI",
        "Ruhf'",
        "L(\"9?Jw",
        "GL$19VL",
        "s/|~j",
        ";&I?DP",
        " p,rir",
        "Z,jd.",
        "m|RX#",
        "#SD+Ed",
        "v}+3q",
        "LpN_O",
        "&kQU]",
        ";z}#\\",
        "@1YUSc",
        "HKx*1",
        "KYCbU",
        "\"Ehox",
        "dbVn0",
        ")HtPA",
        "4 4(484\\4d4l4t4|4",
        "{mg?P",
        "/@`ly",
        "pTTDU",
        "A(n7\\",
        "X'HKoL",
        "!Kbg?T",
        "YdveE",
        "YD];g",
        "25of2Q",
        ";#;7;?;E;S;_;n;s;",
        "o,]Xbt",
        "y(Tz-f",
        "_N`q5",
        "}31vU",
        "|Ql8mK",
        "BMuMK(t",
        "\"-E:L",
        "IxpQ;",
        "3X'v%",
        "6rrm&",
        "&A'nR",
        "69d#Z",
        "|d*YdL",
        "x4X=^",
        "6Az\\m",
        "G+#(W",
        "qSLn&",
        "~JSb7K,",
        ":;./m",
        "AW'BL5",
        "KyC\\:l",
        "VHay.",
        "7|4C?4r@",
        "qrdrK",
        "%k50v",
        ",TStA",
        "4$>@S9]",
        "lw~-AGWN",
        "JZ^yr%",
        "2#Bg4",
        "Failed to copy the file name",
        "PostQuitMessage",
        "SR\\Q.",
        "(jO^|",
        "6x)B*",
        ")H8~+&",
        "6u5Tt",
        "KmV-P",
        "EWR=d",
        "#fhJL",
        ":t,{6y",
        "a]!!{",
        "Q$*L3",
        "uq$_'",
        "I)u6d_",
        "30NI;",
        "e\"v\"o?",
        "q\\I!I$",
        "0r6}}",
        "XQo4e7Yt",
        "!c{M%",
        "y&M})",
        "QNm*M",
        ")p+x8",
        "D\"D T",
        "/h{2O^",
        "02Q_?",
        "`YheG@",
        "/\\Y=G",
        "U|]>T",
        "TW5|s",
        "_CoiY",
        " [f<a",
        "B7bUy",
        "g2vMi",
        "XXEDS",
        "Fx{Kc",
        "&#P&n",
        "aD_&+J&",
        ")P;9y",
        "1/2F2W2v2",
        "1S{YX",
        "es-BO",
        "ONBr>g",
        "485F5]5",
        "[H#Ah",
        "H5#? ",
        "X.vm\"e",
        "\\YS0[p",
        "c;Q@Qx",
        "'XtK>?<",
        "le7]z5L",
        "%}dDe",
        "b:O_c",
        "4%\\]1",
        "5(Kis",
        "!,F+E",
        "1)1E1}1",
        "=7fKi",
        "3Ecrw",
        "2Ns+#,",
        "*qn9:",
        "r}cj8",
        "}-^F0",
        "6gmV:",
        "SaamF",
        "DM\"/AC",
        "7\\7mv",
        "+-VB[",
        "Failed to get command line.",
        "GNfL!",
        ":7:S:o:",
        "4E5a5",
        "`A_iG",
        "{SLBY",
        "u$\\|{b#",
        "!Aj!D",
        ">7^#l",
        "+X%ys",
        "]=-,x",
        "5Bj~D_",
        "{Su4$Oc",
        "%7T<>",
        "d]'^6",
        "p\\>5>",
        "n/iUV",
        "Hc&5il}",
        "GLXwPX@",
        "GBm,U",
        "\"4l.v",
        "G!X^ji",
        "d|E'Kh",
        "2Z2z2",
        "ss7}j)",
        "ke}[U",
        "J<> /.",
        "Su3 8",
        "W\"sK!",
        "P\"8?wENR",
        "85#D;",
        "=Tux+-} ",
        "Q0rV`",
        "&h4>$",
        "T~/X9",
        "(-Q{,",
        "B:au3,r",
        "N21a=",
        "RA0ft7",
        "V]bK*",
        "ASV*`",
        "=_kQ8",
        "KMP62)g",
        "a^P(H0",
        "geUe\"",
        "(=`[V",
        "T]Qv!R",
        "SF!UY",
        "D1\\AB",
        "z#E~h",
        "#((ir}",
        "5+oyl",
        "o<Nl(.",
        "v1`pg",
        "3 3;3c3w3",
        "$+e>N",
        "SN>n-QU",
        "A:9f]",
        "`2p8*",
        "(i:a_",
        "v@,RY",
        "cd;c=",
        ";tJ[4",
        "w{9[z",
        "Ac&FL%",
        "z;_|ls",
        "n;m81",
        "?)cBG",
        "8ZTp5",
        "O&,e:",
        "[xNXglJ-",
        "V6`@o^",
        "tgl4QK",
        "|i}X,",
        "2 333H3S3`3m3r3~3",
        "Q/kMg/",
        "z^C`}",
        "nB'ho^",
        "E5F,v",
        "vuypuv",
        "Gfm$5",
        "yoBc[d4!",
        "o3s2<",
        "+^W,.",
        "Bv?l!m",
        "#mZ=@WpiT",
        "n<aB1)",
        "em$\"UEF",
        "D8V/!be",
        "g1`n$",
        "A\\0P8L",
        " e(R6<V",
        "8 8$8(8,8084888<8@8D8H8L8P8T8X8\\8`8d8h8l8p8t8x8|8",
        "|@qO\"",
        " !sB<",
        "0k&fP",
        "JdSA7",
        "_@pT+",
        "@|329",
        "**iQi",
        "*.RFDH",
        "12,+`-",
        "rNk$%",
        ":<w8}*",
        "i(Cv^v",
        "1m=vp",
        "x4qPj",
        "@^V!Pu*",
        "kznZ/",
        ".ee|$",
        "Sez}U%[",
        "mLe0i",
        "5S5i5p5",
        "U0i p",
        "KgAf ",
        "@>u{z",
        ">+>4>x>",
        "09rpw",
        "vzauN",
        "zvwi|",
        " &m_.",
        "Failed to acquire Crypto context",
        "c5N1 ",
        "gbwZT",
        "===Uq",
        "X9;Xj",
        "\"z/!.",
        "dbeweo",
        "<4UrL",
        "joEsZ",
        "qiU)61",
        "_@32$",
        "*wyFv",
        "qOS:A",
        "HaxF)",
        "'x+Rz",
        ">jXpo",
        "gZB!U",
        "5Z|*d",
        ".E:Q}",
        "8:v26",
        "s*}L^?r",
        "+z}my",
        "N8gT6",
        ":!:3:Q:c:",
        "`qv%!",
        "MdL*_",
        "$ o}?M2@",
        "owisJ",
        "%S7T+F",
        ".%x0?)",
        "6J6k6",
        "SnAHf",
        ";Z*Df",
        "_:/Ad",
        "OKt[w",
        "tcZgv",
        "Mls5g",
        "A$o/ZJ",
        "1)1E1S1",
        "ycabinet.dll",
        "U,eT(",
        "\\`,Ah",
        "t/t`6",
        "!X4=k",
        "N l3?",
        "5g<>T",
        "NBi^1",
        "w-\\Bk",
        "es-bo",
        "_><C-Xj",
        "z[q@9",
        " i4:;W",
        "t)@,f]:",
        "|/*3o",
        ")}Jho",
        "p7no,",
        "FP`n.",
        ",LBo=?=T",
        ":&1FX",
        "\\|E}Y",
        ".!K,'",
        "qXh'+",
        ":c~K4[",
        "PPPPP",
        "8k$bZ",
        "ImOAe",
        "vst_l/",
        "LY<xYu",
        "P\"]@>4m",
        "rC5uh:",
        "AC;cc<",
        "&'Lu6",
        "(~x;j.i",
        "IoUX9",
        "5Q'J7",
        "u:&*s",
        ">cyVS",
        "o'$*H",
        "eiYF9b",
        ".rdata$zzzdbg",
        "F(^wa",
        "e0(6y-",
        "Tf;jG",
        "A+f3>",
        "C^.@|",
        "IE#jp",
        "SlkfYAuW[4%",
        "X^KAR&4",
        "ON'r%WU",
        ";qKnJk",
        "q@jOek>",
        "MPQ88",
        "-!y/So",
        "1Lc6n",
        "{g%tY>:",
        "z~!0kk9i",
        "/E#}?G",
        ";p#\\V",
        "D<UER",
        "S1WU;",
        "?%c~1",
        "~pBW&}[",
        "oTfW*]",
        "~~$-!",
        "C`$)I$Mi",
        "Mf{I$",
        "(qCXg",
        "Sp0PXu_",
        "ECS\" ",
        "q@oVL",
        "|$(Y3",
        "~0&Dn",
        "||X[G`V",
        "6HbGK",
        "j'o^Pa",
        "o!~e4",
        "r/nI<",
        "rvx+=",
        "TF]['",
        "HLbn3Z&",
        "IaY]^",
        "4H4o4",
        "7HPOa",
        "vA7Dz",
        "$dd{J",
        ")g)u2",
        "xJFIsq",
        "SdqE{",
        "Z[VzC",
        "8+ttk",
        "Y\"*F-",
        "`Y@o/",
        "d9=4;",
        "k)+X-B",
        "d7H`x",
        "#9?X]",
        "I0:#V",
        "Q'F'fQ",
        ")w;r#P!",
        "kva^V",
        "57?pG*rS",
        "vr<`b=",
        "UnhandledExceptionFilter",
        "=^A&]",
        "[:?6u",
        "\\8.qDY1u",
        "1\"1^1",
        "y`xzVzN",
        "[v/Ce",
        "<-k_qJMJ",
        "RPQi4",
        ">VGb|>",
        "?WN5Be",
        "Zdqm7",
        "/8(d}+",
        "cn5J3(",
        "YDXC_",
        "1 1(10181@1H1X1|1",
        "|$ ;|$<",
        "unVf-",
        "[O.Uwj",
        "[zz#,",
        "uw9+i",
        "$}{wL>",
        "6e1U][",
        "h=JTv",
        "m=2ZY",
        "<3jE9",
        "$ka4T",
        "scTa5",
        " `&b kB",
        "wg~p<",
        "nDhgo",
        "I|@n@",
        ".+c;N4",
        "}VA1<",
        "9Cl~ ",
        "2H2^2g2",
        "NgP#<",
        "Xp{;x 5m",
        "v92V'",
        "xc_`uy",
        "L uga",
        "^`yfz0",
        "'$\"HJ",
        "{I|D{",
        "I|Cb4",
        "p+_y=",
        "VVVSj",
        "'2FpV",
        "K\\\"ME",
        "?HZRS",
        ":+OT&C7,",
        "O=:T/",
        "&M[;]><",
        "^nbZe",
        "m@\"w#'",
        "]N~0D ",
        "^D0^<",
        "YtVLsO",
        "cMM|4J",
        "Cz{b#f",
        "~3ZW(",
        "CTb%:",
        "PQQSVW",
        "qa+>t",
        "]Icy9`",
        "Extraction took %d minutes and %d.%d seconds",
        ",c~Dw",
        "*X.P,",
        "=bNk,Y6",
        "f\"gK3",
        "{O^1D",
        "4O^!/'9",
        "SS!F!k",
        "_V<VF",
        "l\\_qC",
        "O_TZY",
        "ta-IN",
        "qj@cl",
        "'o:Fp'_m",
        "%zKN*",
        "8IRh@;",
        "CF;l1",
        "EE#|b_aX\"G",
        "\"oFL:",
        " ./F\"",
        "6FK(;",
        "-lkx=v",
        "&[@uje",
        "LKQ76'",
        "z-v=lkO",
        ";1KGgYZ",
        "]~8mz",
        " :yI7",
        "fy(H5R3",
        "u`M*P",
        "api-ms-win-core-fibers-l1-1-0",
        "T+@+fX",
        "yb1}y",
        "x,cL}",
        "Oep{Q,U",
        "j?JoD;",
        "M<@}d",
        "xP12uN_",
        "$*7uG<",
        "Qikaen",
        "9)ueL7",
        "c5pcR",
        "`managed vector constructor iterator'",
        "4&[L)",
        "cs--u",
        "\"gCOL",
        "X0*fpa",
        "o*He:",
        "]{he@",
        "xjA{?y",
        ".rsrc$01",
        "C=UE~",
        ",\\gVr",
        "GufM\"",
        "2c%vw",
        "a>hR,",
        "(ywii",
        "]U5#/",
        "Z\\Fe9",
        "|z.[+",
        "Myl:#",
        "ZG.#b",
        "FPw!2&",
        "c!PAd",
        "bHnl^s",
        ">;1H\"",
        "{%Nq:=u",
        "m]lu3(",
        " EaS[Y",
        "Mrh@[",
        ";81z1",
        "=+J1N",
        "POf\"A5& ",
        "!+0a9H",
        "October",
        "]Qk3oY",
        "YvzCz",
        "yT0OCJJ",
        "b&a87",
        "|x&o!",
        "uJL|d",
        "hJOF(D",
        "d\"<eE",
        ".j >2;",
        "7^L Cd",
        "=G5\">",
        "X:;P2",
        "&dtGp",
        ";YU<T",
        "/c[>Jr",
        "e^d!%J\"",
        "sv-se",
        ";aYt{",
        "fYh?~M|",
        "y|Lxb",
        "yrUo3",
        "d*T?n",
        "{Z0gf",
        "!_,|0",
        "+\"Syw",
        "!fPU`2",
        "K-)D[",
        "hA%yK3",
        "=G|'j",
        "csVE|x",
        "W3t| g`",
        "%bE]9",
        "X`xD'",
        "Gq\"d92",
        "m6%9;",
        "5GgOy",
        "AFYhy",
        "&UXbe",
        "9nH_>",
        "RE5%[",
        "[|:B6",
        "qRt u",
        "GmV\\v",
        ">Ud,u",
        "K}!Wc9",
        "pxs0\"",
        "}hB*eT",
        "M>SKKeR",
        "=2>?)",
        "Gj>-R",
        "hh_ZU\"q",
        "Wrs?&",
        "?YR[gL",
        "C<x#2T",
        ":08`x",
        "rzanc",
        "6Aygt5r",
        "-5g\\(",
        "1=+uo",
        "xr^ZM",
        "z6o?](0m",
        "e[[FI",
        "MoveFileExW",
        "sgztP",
        "7YXwN",
        ";FGM<",
        "lP9+E",
        "NhH(y",
        "~3^pM]z",
        "Whu:W",
        "`vector destructor iterator'",
        "^m3me",
        "kq`EV",
        "]CWr8",
        "s%H#8",
        "7n1&a",
        ",IUC?",
        "Vh0^t",
        "__stdcall",
        "Vo8m-",
        "Or?6}",
        "f1LYP",
        "EPT]f",
        "}dsW)",
        "P@/Y$",
        "Qd(Bw",
        "\"&$ghR",
        "L[<_f",
        "~NCg!",
        "7^9F/",
        "ckA)4",
        "H`amM",
        "\\!T=A",
        "Ht*+'",
        "h\"xs@",
        "QQSVj8j@",
        "{Ok 7",
        "u4>Bu",
        "*<&]|",
        "l-:\"@",
        "]_#PV",
        "^(4h+e",
        "}OJ_ ",
        "\"*D%l;",
        "nC2DL",
        "HltR.%A",
        "&^Ox<",
        "!DhMg",
        "bX!$fH",
        "jhdT5C2%",
        "=U1Mw",
        "aU4av",
        "7;GC*",
        "4!?MmIm",
        "T6 gw",
        "@kJLy",
        "=\"kz5",
        "6#haWd",
        "L3=Zc",
        "|)8=E)",
        "KJ-TlK",
        "-:M<\\}",
        "5k??r",
        "'AZ(j",
        "3<l+B;)",
        "DcFV}",
        "IQ=zgR",
        "#dX|Q",
        "L*_Rt",
        "#2[En",
        "h#lYb]",
        "B[v|#/",
        "8tlK\\",
        "K'P}$",
        "VR_5\\",
        ";0;V;y;",
        "z}?)A1",
        "Ce@[j",
        "J:,(_c/",
        "a<,`tX",
        "OWw\\:",
        "SDP~a",
        "fr-fr",
        "B1cIY",
        "`tW]C",
        "A[HcT:",
        "TnVX1Y-B[",
        "s\\`&!",
        "&0=Jf",
        "..6Vl7J{+}",
        "eWaI\"",
        "RaiseException",
        "jGWx~",
        "8We*j",
        "a$&f/+",
        "*7dSr",
        "F$hV}",
        "GetModuleHandleW",
        "5t[LB",
        "5.'2PQ",
        "?w3iJ",
        ">;1EB",
        "*cx'$",
        "wq3o3",
        "/~#f#",
        "$p4r'",
        "3d@.*",
        "t3&PC^",
        "!%|S)",
        "6(6H6P6X6`6h6p6x6",
        "~\\|>2",
        "F![jGg",
        "/lGZe",
        "~:uIhw",
        "GXRSP",
        "< 0dH$\"",
        ">6k/7",
        "1QycW",
        ":':y:",
        "!<<..",
        "]$]Afy",
        "U=L#\"",
        "6e|\"V",
        "*a&[q",
        "WD/pe#",
        "Wu6zI",
        "e^p3 ^",
        "dP%L>",
        ". Z+Y",
        "{%(<v",
        ".rsrc$02",
        "uHD&8",
        "qOi4xq",
        "7XU,6",
        "JiJ2?",
        "hg4yxG",
        "g)2e/]",
        "I_HU11A)",
        "Failed to set _SFX_CAB_EXE_PARAMETERS",
        "t4Oiv$H^",
        "QY39+",
        "3Bqt3",
        "hAPvnJ",
        "Kr8r!",
        "FvmiR",
        ":YCV@",
        "Ohttp://www.microsoft.com/pkiops/crl/Microsoft%20Code%20Signing%20PCA%202024.crl0m",
        "q\\Q17",
        "5ui#$",
        "r@~#j ",
        "&T4%`",
        "riGmA",
        "b;-X{_do",
        "6!VsF+",
        "fdo\\)I",
        "K/vI%",
        "(URg~",
        "vmwM}|E",
        "?Ss0J%",
        "@*vC\\^*",
        "F`;ax",
        "%u/%u/%u, %u:%u:%u",
        "=15s`",
        "'?DOa",
        "jZ6W I",
        "s%Qa;",
        "vlk~C",
        "TpC<'",
        "b(d|99",
        "'20&2m,",
        "K`f6\\",
        "W%mh/",
        "0kup5",
        "!_YY#V",
        "j:Xf;G",
        "0rXC@/T",
        "PPPSV",
        "en-IE",
        "[V9()\"+",
        "Failed to start the process",
        "b7Gjs^\\",
        "zT7dY",
        "|Q+:V",
        "x^OBV",
        "8&%Gj",
        "'~z*^mFew+",
        "*w1q\"",
        "(sRP\\",
        "Qd1?}",
        "j0|6s",
        "m'aV]l",
        "Z3],bS",
        "-e=(E",
        "Failed while running the progress dialog.",
        "\"oL.'",
        "jN5Da",
        "Z](gr",
        "P4Ez&",
        "):8H2",
        "znK/q",
        "MJ?31",
        "50,FJ,",
        "<1R)H",
        "aP{\\oc",
        "u ;wD}JQ",
        "e=69K",
        "T^hH]",
        "Xp2S5",
        "7',jkQ.Y",
        "M@9+3",
        ".CRT$XLZ",
        "V9Q#.",
        "M'?;Hb",
        "s\"V'D",
        "phy`=",
        "LNjj_/",
        "g6Ha<",
        "Cs]pY",
        "C-0H>",
        "S.)+an",
        "5Q_X=qu",
        "_mvu<",
        "C:heu",
        "ZWvm\"",
        "tcx8/",
        "0D]/e",
        "-xVr'!",
        "[]YVqM",
        "kz>I5",
        "pn*4Yh[",
        "U,DKU\"",
        "WBS2*",
        "FL|4]",
        "vG7}\",",
        "360322221304Z0W1",
        "P']Nv",
        ">z4+E",
        "g\"mR\\",
        "xrUuf",
        "+q@aJ1",
        "q+%TWV",
        "6tW|Bo'",
        "sYj_~)",
        "SF$cP",
        "TQ$uB$",
        ")p<Xo",
        "Cr~|P",
        "DUx*lZ",
        ")7z(r",
        "G}1Az",
        "|*TP!j5",
        "Fy@ES",
        "gJ&\"qb",
        "N@?o,",
        "5fsq%=",
        "o?Ub_w",
        "2%EQ(",
        "y24.%",
        "p$?FX",
        "Nz#$2",
        "kok-IN",
        "Microsoft Corporation1&0$",
        "Hj8(&Y`",
        "sa-IN",
        "])Qe]",
        "bu\"'N8",
        "a'0;j",
        "&%L0@v",
        "Qr4ns",
        "8a _1",
        "'vN?.",
        "IDATx",
        "`*eUt",
        "}M6+NU",
        "7O~J9",
        "ck(b+4",
        "hA/A:",
        "1aA}>A",
        "1aj]n",
        "z02K#",
        "Ko4HB8*",
        "$nKG?+",
        "PGBzV",
        "\"jY2]6",
        ".eE:/",
        ")1d+J",
        "nV~_r",
        ":yGmpQ",
        "TbRE<>a+",
        "F0[$W@",
        "M8xX$",
        "pOjb|",
        "1XA=eZw",
        "+u$_U",
        "D8E`W)",
        "o{nSRHJ",
        "rOew)",
        "s!=G:o];",
        "dOc@iQ",
        "(2kf3",
        "F:H2s",
        "|vQYM^",
        "^,n@)1",
        "XM\\SvC[",
        "sMgXM",
        "S3|Q_v",
        "w)t)8",
        "8%tXKK@",
        "Jh,8O",
        "rs)wu",
        "F'}@<Qe\\",
        "@cxXDF",
        "Z4=Qz-5",
        "sqMqq",
        "H@WtG",
        "ext-ms-win-ntuser-dialogbox-l1-1-0",
        "-2vBF/]",
        "SS@i\"",
        "{QkC]",
        "++?K?",
        "jQR\"<",
        "\\x8Y<a",
        "/:M\\Kil",
        "mW1xN",
        "fODM|",
        "C7\\=n",
        "vPbQ0k",
        ".rtc$TZZ",
        "M&}1a",
        "=fOdE",
        "nJlw@",
        "\\SoYh_",
        "Kjv=X",
        "3\\8\\`",
        "!:mL.",
        "BSF+s<",
        "xd<5 ",
        "\"!gog",
        "<e%q<!Y",
        "S3Z91",
        ",/L6j",
        "iwS3F!",
        "n*Yf=h1~:",
        "35J- ",
        "8Lugf",
        "O_}ol",
        "=g<TM",
        ";[`;B",
        "x[Q|(",
        "NHgDG\"-b&",
        "Ku&Cr",
        "Yk*Uj",
        "KDr.6f_",
        "A\"~@2",
        "Aeb}x",
        "V9#Da",
        ":\";k ",
        "V'UOd",
        "yf|jr",
        "<Hjg2",
        "%z4SN",
        "ZFZl~n",
        "4Dk\"p#",
        "<U:*r#",
        "P;TOV",
        "2FfNc",
        "tJe%:",
        "J5Jf%^",
        "[SS;`",
        "~!Z?iwPA",
        ")Em:Uz",
        "@@}%h",
        "9_:]A",
        "ZX4rX",
        "]WG3&",
        "+*F9 ",
        "$W[Zt",
        "yOusj",
        "rpcrt4.dll",
        "y+^IOCM,",
        "a/WAF",
        "bOl?uMt",
        "hz$1L",
        "@//Rj",
        "?[L3P",
        "?(_f1",
        "3WY#o",
        "wCt6;",
        "<ojCQ",
        "d\\q`7",
        "_f9>t",
        "w3Iilp\\j",
        "qFr~E&",
        "+ETcD",
        "qgc4/",
        "^x}y3",
        "~A{vE",
        "JI[LE",
        "\\XQ%`K",
        "Hambb",
        "epiLA ",
        "!sOo$F\"",
        "|fqrbX",
        "H8Jo/",
        "B-cT<",
        "b3K;0",
        "se@4\"3",
        "HPqc6",
        "[h[T&v",
        "3))f;",
        ">;;\"_",
        "AHX7h",
        "Qv}RJ",
        "R(<Y[R",
        "293h3",
        ",@8P%",
        "Z~[(/",
        "1J!OF",
        "0SS#Q",
        ">1^M}",
        "}O|7jZ",
        "Fv\"c|",
        "x59xL",
        "w+S3:",
        "D:I%\\",
        "9-^|O",
        "2'5Ce1P",
        "qj`_=Ok",
        "D`78^",
        "w%(Hv",
        "q[N8D",
        "4v7sYn",
        "wDX8x",
        "Y9`10",
        "N^7d-s",
        "9+B79",
        "ATI6L",
        "`managed vector copy constructor iterator'",
        "!L`M|f",
        "<7Po*@",
        "a&K~H-",
        "##W_=#",
        "?t$L'",
        "H6@(K",
        ":W!q|",
        "MessageBoxW",
        "-+(=v",
        "es-GT",
        "M_tXL",
        "P7J9)",
        "`j|F@",
        "1mp^d",
        "Ry4c*",
        ")!}rU",
        "/bnhii",
        "=qQc]",
        "8H,Epe",
        "zh-chs",
        " ch28Z",
        "3Tunv",
        "~'jwEu",
        "7>? s",
        "[u{t6\\",
        "8GrR:\"",
        "vMV<>U",
        "T'&?\"",
        "N_-Sb",
        "K+i/z",
        "[{iy%",
        "V^`Av",
        "o_F/.",
        "dgR6t",
        "xLluU",
        "5LSAN=Vw",
        "Ww<L>u",
        "S<fm]",
        "[EW?$",
        "qbhCkD=~fI",
        "tH9] uC",
        "<ce-J<D",
        "X]a[m",
        "dBx%=",
        ":HJw[",
        "1-^B2",
        "#Gq6a+",
        "o:3HN",
        "K ?\"|",
        "dBdmmZ?",
        "k.<*m",
        "6zAL2P<",
        "Qx/: k",
        "0p&jv",
        "vua_)",
        ">e\"`^",
        "?\\YRG",
        "\"IR^^",
        ";!a2.e",
        "p%61y",
        "RegOpenKeyExW",
        "YBD'/",
        "YQ(eP",
        "m/R6q",
        "F2YL@-",
        ")H)T7",
        "!>=e)Y3",
        "7|HGvc",
        "_%lYc8r",
        "XJJ*'K",
        "!-wiG",
        "<Qa&6",
        "WWWWW",
        "CE]zq]",
        "U/`OJ",
        "b.:_\"!E",
        "&r[TW",
        "Ms/d-",
        "/b~qH",
        ";;yT|Sr",
        "4YsYxSQ",
        ".E}oX",
        "48T@jY",
        "MHOTY",
        "><e%e",
        "H>vPS$",
        "D\\(Pl",
        ";nDa4",
        "%U,\"9",
        "qk` \\",
        "6\"/sn",
        "0:xdt",
        "G\"U,0",
        "+Mv@;",
        "bg6[mC",
        "ZSU\\m",
        "zxZI0",
        "4J(1E",
        "/d[li\"&",
        "8Y[c[",
        "{!1KY\\",
        "en-BZ",
        "9A|xNnb",
        "33h/r&",
        "k^LBc",
        "MX-adg",
        "B*IKK",
        "}TC5m~",
        "}y97<a=",
        "5-yA1",
        "t*)\\e/4w",
        "V{c7A",
        "WHK6\"",
        "9QvcH9",
        ";Ds;~",
        "4KVxF",
        "akcJW&",
        "<7?og",
        "D%#)c",
        "xnjCq",
        "Vr_[=`",
        "\\/>=@",
        "8TFYs3",
        "fNjU yod$",
        "W8VF,",
        "s\"K,}",
        "]>5CDf",
        "B\"ZM}",
        "'Nu.7f",
        " p##9",
        "~!-\\P",
        "O:]:W(d",
        ",)~d,",
        "}-):>",
        "!$_Or",
        ">C%XB",
        "V`>69.",
        "aE?SRE",
        "xg${5",
        "d\\ili",
        "SuM(;",
        "h}Q@fX",
        "{2Bg;",
        ".data$r",
        "QEAiH",
        "1 1j[J",
        "P?R*P]",
        "WaitForSingleObject",
        "advapi32.dll",
        "_0XX/",
        "3e7,Wr",
        "qAo~:",
        "Er26P`",
        "1_O\\y",
        "G*1/h",
        "#h4?v",
        "HUyl2|",
        "sr-ba-cyrl",
        "Sb.dlf{",
        "|O!N&",
        "SB*WQdz",
        "zh-CN",
        "gz~x*r",
        "R'>V0",
        "9!xdh]",
        "z^y> p",
        "es-sv",
        "LoR>K",
        "L%*p20",
        "absug",
        "_':;Q2g",
        ";m!Ve",
        "24<>#s",
        "kxYjF",
        "F-a4T",
        "w\\SgW",
        "rW>Ia",
        "y&:Tk",
        "Failed to execute file",
        "\\)oNxA",
        "@B-w-",
        ":?|`kTc",
        "dnuDr_",
        "+{9\"E",
        ";?UJ8",
        "Z^CT7M1",
        "co-ZVu:",
        "hd[E|",
        "cCpMq",
        "De(bgR1_",
        ".~Hg\"-",
        "*(7XE,",
        "F\"i8tR",
        "'X2IJ",
        "*k\"#!5",
        "Mz3'(",
        "Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0",
        ">|Xk_",
        "XTy?>5\\",
        "9c-k9M",
        "!(d_Z",
        "GPM^K",
        "D4^f5",
        "c^=U)",
        "ku3rxX",
        "VirtualQuery",
        ">N]i(sC",
        "~l6-!",
        "C~z[!",
        "q:t:_:W",
        "$6-cb",
        "c_AX7'",
        "^%!\"4",
        "T&SAf",
        "e6heiJX",
        "IV5apB!",
        "KB)7z",
        "Iim5{",
        "5:IF}",
        "SPec]",
        "]t&F_[",
        "_zf}V",
        "Sid=\"`",
        "GA'q''",
        "!lD@d",
        "XObGvn",
        "yC*2SJY",
        "i@i'k;",
        "MnK$KO",
        "\\ST>,",
        "}4<7R",
        "l.DJw",
        "Q%]{_D*",
        ")S6kZ",
        "ms-bn",
        "`dynamic initializer for '",
        "zA[XC",
        "&&#-A",
        "-)l*np",
        "EIxS/\"",
        "?KycT",
        "'=!|\\",
        "#2joL",
        "]'O\\}",
        "@/L(w",
        "3^9\\Q",
        "m%1m{",
        "WP{Gx",
        ",XLNxHM",
        "r#=9?",
        "CySuA",
        "j#Env",
        "~qXLV",
        "<^/g?",
        "\"LD]_",
        "A\\~] ",
        "d/E%=",
        "?4=-q",
        "M_LjR",
        "pj=kp",
        "mU-6~2",
        "5XR$$",
        "|R8E\\",
        "a.!~&",
        "`vector vbase copy constructor iterator'",
        "!b$a3",
        "HB+TJ",
        "v~dOCC1'h",
        "fI!J.",
        "y_\\Rw",
        "1a9>Z2",
        "rB$w>M",
        "o\\q;h",
        "v2=K{",
        ")GM]A",
        "]1`r.A,",
        "$S;;1T",
        "!<Ra|",
        ";5Rhq",
        "cpo);",
        "0p0UFO=",
        ">.e&:",
        "@/=3!",
        "+HPJ@V",
        ")O@H\"i",
        "K^>N{",
        "L&=j0",
        "A@4/y",
        "lJL`@",
        "7',xwP%R?R",
        "))1{%",
        "#Z[S+Y",
        "'%nl5",
        "@^L%`",
        "#bKIK",
        "to be uncompressed and installed. Please run this application",
        "''*)]",
        "L<pTSr",
        ":H^2V",
        ">NW$LT",
        "JOdMiU.[#o",
        "5k-Y9",
        "mSN,3}O",
        "3 3(30383@3H3P3X3`3h3p3x3",
        " $?#D",
        "xf ]_",
        "C.0 g",
        "&|{#p(",
        "j@Xf9",
        "sr-SP-Latn",
        "gD}ZXi",
        "36u!Wh",
        "\"I{%lpp",
        "~Cq=@",
        "DqB/e=U",
        "<%<+<",
        "6`>q,Zj",
        "!}.?Q",
        "&qAsx",
        "KG$@D",
        "vnW/Q",
        "B0M1_1e1",
        "T0n2*q/D",
        "u_&e^",
        "di&9>",
        "@.didat",
        "5jR>t",
        ".BA}J",
        "e5//I",
        "MR8\"2C",
        "=y 18F,",
        "qm}{%",
        "Kr6r\\",
        "PP9E u!PPSVP",
        "F0xN5",
        "^\\,18",
        "EtxTh",
        "WJ#e+",
        "sl-si",
        "^|ko3",
        "s#Fg$",
        " S68qNy",
        "d\"@o\\<",
        "K_|jx",
        "t+O9r",
        "id-id",
        "/+(UE",
        "FUW+n",
        "3cp}9}",
        ".V2[r",
        "mk-mk",
        "1ON-x",
        "5vWU9",
        "K&i&j!",
        "?z'k#",
        "yl9[k",
        "&:KQ]{",
        "hH.mU3p",
        "}(+$G",
        "af-za",
        "%}QD0",
        ")PZ02",
        "ay&7,",
        "dW:UU2^V",
        "DESHv;",
        "L)wtP",
        ",ggH=",
        "R%[o*q",
        " J%B+",
        "'9~H4",
        "n#tZ=",
        "syr-sy",
        "aNb'x|",
        "*UJkk",
        "%0(V6",
        "ar-IQ",
        "*fn-Qd",
        "q3uP0v",
        "`eh vector copy constructor iterator'",
        "pX\"(M",
        "jDUG_",
        "R}LBY1K",
        ")jZwykA",
        "/'ARtj",
        "{w;^\"",
        "RZku=p,",
        "cFuSKo",
        "}*A;<Hk5",
        "w!8{Y",
        "/6vG2",
        "qDp/R",
        "bfKS5",
        "CK{/|",
        "Mg3oA",
        ".t60Z",
        "XFD5YW",
        "'x&3/",
        "6@sqn",
        "j30~<<>%",
        "xw=}+",
        "|T^Z(M",
        "AM3u1",
        "YT`!I&.AW",
        "qqpNM",
        "yOWggt",
        "xZiqc",
        "o6l%Bg",
        "`JU< ",
        "Yfo`_",
        ":b9Hs",
        "2S!`\\p",
        "r%W\"`",
        "9{0~/",
        "[>jXf",
        "ixd2C",
        "\\I&:H",
        "k8$Xu",
        "/y|0Vk\\",
        "k=~D|",
        "v)\\m@n",
        "WriteFile",
        "wS[h[&",
        "5vhz?",
        "Su*aX",
        "<R{[e",
        "2NN~8",
        ">LUqg",
        "e!AK=k",
        "+o\\,&x",
        "0n0W1",
        ")tvHp",
        "\\]6It",
        "gs\"--+",
        "nD+%6",
        "#6\\'\\",
        "JrL`J",
        "v7]`^",
        "4@IY3",
        "B>~*M",
        "R[Lg';_Ys",
        "9(!p$",
        "YLHGi",
        "qY%hP",
        "RWA!*_z",
        "&@(IM?",
        "2Y$J`",
        "Y?'Gp",
        "TG}[Q",
        "j+Z;2r",
        "JAti(GL",
        "c&S\":",
        "#aF^`",
        "HWX].e;N",
        "a9xT>",
        "\"=xHP",
        "H*{E1.",
        "sNFdpb_",
        "kfVc$",
        "HzL$Y:",
        "qYf;7",
        "BSC^b",
        "cRhrG",
        "@P~{z",
        "-.}ft",
        "xb 0&",
        "_x~]T",
        "TmQcC",
        "?@?U?Z?_?",
        "\"t q#",
        ".CRT$XCAA",
        "[#(a!N;(",
        "j/x%\\",
        ":X>;RX",
        "J3.2i",
        "c7@Yd",
        "Or=\\|",
        "n3`VZ",
        ";Pmw-",
        ",)|0X",
        "p~g<~",
        "O))OfPj",
        "3Eiw*",
        "7X0[1",
        "*0|{Gf;",
        "u*wAt",
        "m*Po6",
        "_bDQrlS",
        "is-is",
        "G;~||",
        "?ZBtU",
        "_TSEA",
        "A`^G'",
        "afJoE_@",
        "CgkPk",
        "UT}Ag",
        "W6%iTP",
        "Li7:R+",
        ";6Ghy",
        "\\4B,z",
        "GH%g_9",
        "Z\\Oi8jYV",
        "sEp\"@",
        "I&\\Or",
        "Bb!kl>=",
        "ju8\"[",
        "`cEO{",
        "JmKRk",
        "ir#xk",
        "$7K@F",
        "^ H<!N",
        "HLxt6",
        "mg$9?",
        "p=|}D",
        "+Egz4",
        "!F#;S",
        "m*?n8",
        "en-PH",
        "0>oB4n)~",
        "8&<oJqG",
        "gputc",
        "P E\\2",
        "4e$sm",
        "^j]0A",
        " a.]O(",
        "^A|oB",
        "|7V%0B",
        "ZiO,H",
        "4a>%N",
        "=h>2_",
        "1bf^F",
        "jp+~rYq",
        "This application requires .Net Framework 4.6 or higher to be installed.",
        "|`!4m",
        "Amc<BHn",
        "U$nxy",
        "2<G3J3",
        "mTM:a",
        "e1Y:`",
        "NkAO$=",
        "X1/ io",
        "O6^4.",
        "*O+u }",
        "kNmS]<",
        "Rn/Qw<",
        "*BNen",
        " $5Ce5",
        "l;J<L",
        "a4T\"8#",
        "ox>/)",
        "quz-ec",
        ".didat$6",
        "}` .u",
        "B;V0|",
        ",$cI;",
        "I!Tnh",
        "BA_~T~D",
        "P!,VN",
        ".vPfW&",
        "mKP^l",
        "6EY$l!",
        "(liV0~i",
        "PU3p~(",
        "2.|4X_",
        "`vector deleting destructor'",
        "E[EBM",
        "sC|*fyq",
        "iFJ!Os",
        "Ztrnh",
        "rq%X|5.a",
        "BoYk*",
        "ucl3C",
        "J=\"i\"",
        "}(3#h",
        "#3m4b+",
        "T4mgKI",
        "GetVersionExW",
        "POH|h",
        "u:USX",
        "fmpckQc*",
        ":/+-<",
        "_ho&]%qj",
        "`d':\"",
        "sU^vaH4",
        ">vWpT",
        ".R)d:",
        " !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~",
        "~{/OZu",
        "A{vMx",
        "0*i/a",
        " Srx%h",
        "Ye!1V",
        "#=i8)",
        ";,U^V",
        "[d/OS",
        "ftMoXR0",
        "o/vI6",
        "uCc<&",
        "nwA(v",
        "G1[ysU",
        "F8p5b.",
        "XR8nM",
        "7(x]+#",
        "j]$_?",
        "CwKNx",
        "kY;2U|",
        "_oS,-f",
        "8tHg9",
        "/ia?n",
        "ReadFile",
        " x0A9",
        "D.eMg-m'",
        "rgn@@",
        "\\bQ`a*",
        "uc,Wm",
        "I?N]q",
        "9epvfa",
        "/L0hx",
        "7b!_\".",
        "#}N1%",
        "tv)A(",
        "/9fg4",
        "dRHba",
        "(HL;o",
        "N[FOB",
        "EN &A,u",
        "mD]'w",
        "=Mok2",
        "y}>_6E!7",
        "mqN-\\",
        ">7Eu*J<",
        "3JHHyv",
        "&j^eT",
        "H+m,$@b",
        "u%N0$",
        "7@H5t",
        "7[8 9N9",
        "*a(zp",
        "0jmB^",
        "=cl$T",
        "Pza/)",
        "m<Ok7",
        "<e3]N%A",
        "^rs,o",
        "EfdY`",
        "'*f!c",
        "(CVEdQ",
        "z;llo",
        "C7%gJc",
        "emkbe",
        "&)EW0",
        "EncodePointer",
        "ItE)l0",
        "%AUJn",
        "As z3",
        "E'yUC",
        "c att",
        "H~\\4;",
        "RQmJH8V",
        "Vz1bI",
        "%*.<T<<",
        "&iRwM^",
        "Mw,)6D",
        "(\\.O{",
        ";A'6W",
        "j,UH{",
        "1?S:0%x",
        "o6Zg{#",
        "vo7zfW&a",
        "9r-Ju",
        "fN8i#yH",
        "HxjAa",
        "OOt!E",
        "EtC]Y",
        "OY`kin",
        "7vNq%R",
        "waNXu6w",
        "G<wC.",
        "hi-in",
        "{XMAD",
        "H@CJ*D",
        "f,o!w",
        "YyP(X",
        "XP;\"$",
        "[\"o:t",
        "nCH04",
        "Y5Z~a",
        "GetFileSizeEx",
        "m}nCIt",
        "V$BRr",
        "n<Gy8",
        ",Rf3G",
        "Ji@;G",
        "9=2D4",
        "#GJGzh",
        "QqS~!",
        "t+h:c5",
        "qo\"n,",
        "`string'",
        "}$zd'YY^",
        "-4]44",
        "X |12",
        "`@0~(",
        "4)zt\\C.f>",
        "6DZ>;",
        "s@ojL+",
        "u7@=:",
        "kok6>",
        "GFi^/",
        "acEz<",
        "EYY_Od",
        "9ZQ]~x<)",
        "s`tSG",
        "<\\cl?\\yg",
        "J}i8Yz",
        "e4*y_",
        "[;<D'",
        "w8HIo",
        "s(}y}",
        "n;rV,",
        "TxfMnx",
        "^Yl}%|X",
        "Q1R}A",
        "Q:.o2",
        "d5}5E",
        "W_g\\{Z",
        "~u=s_Yjp-",
        "L@n5A?5",
        "E\\(RCy",
        "*tP)qw",
        "6o7~F",
        "Z[}*VV/",
        "5:Kb9",
        "JW#Zs/I",
        "|\"y8E",
        "W|]wY?",
        "(zs@C,|",
        "0p^j/~'",
        "Op%'j",
        "ptlH:",
        "lPm>eL\"_|v",
        "hmafd",
        "`GbslWG",
        "r:&*D",
        "Fh]1FS",
        "C0OuuH[",
        "x2u}]",
        "1R1X1l1",
        "U%LHAD",
        "d)>;\\",
        "h5h&f",
        "(E}+[q<",
        "s'|#^",
        "/.pr0",
        ",[ ~FO\\",
        "MwaR7",
        "z6@Q&",
        "Gz1sXQ",
        "P%|f<",
        "G&gMz",
        "`DV%O",
        "+I,}V",
        "0W=q4J",
        "@;56+",
        "AwVyq",
        "r_A[@",
        "i|>.W",
        ",F`nX`F",
        "fJDpne",
        "(null)",
        "rM1N|",
        "&$RkoR",
        "ibp^$B2",
        "Zl&y)",
        "9?[yf",
        "XVZ~\"",
        "!|OWud",
        "x2K<b",
        "79j/oq",
        "!0&o#R",
        "fID2G(",
        "A&J1/",
        "<0<4<<<X<t<x<",
        "hc,+G}HQ",
        "XP5jP",
        "'<Gj8t~",
        "=2.xU",
        "u,vW[",
        "UHT:`B",
        "4%l_,Y",
        "swi^P",
        "lBm:yM",
        "[xy~?",
        "#b~{\"DG",
        "A()V%Ic",
        "%#\"Ro",
        "h(TtB}.",
        "qk>dU",
        "fo-FO",
        "B4D_$",
        "V)L+,",
        "xM+rX",
        "+J{5y",
        "@>$]\"[",
        "x7#mj",
        "j3\\D.y",
        "E@)Lc",
        "g&7 h",
        "oOQfX",
        "\"&$O'",
        "GetConsoleMode",
        "ErJki",
        "nq6<NSR",
        "$ndj\\Q",
        "pbvIc",
        "1#9Q2D$",
        "U+EVzU",
        "L`QpO",
        "@G>J{r",
        "kglutW",
        "y6{Cg#",
        "QLYq}",
        "AVgBX\"",
        "6jLV\"",
        "TGZbH",
        "/|:Oq",
        "#lJsH",
        "`vector copy constructor iterator'",
        "9 9$9(9,9094989b:",
        "}(G@zaS",
        "h+S 7",
        "OWT3(",
        " q{HZU",
        "-8wA.",
        "OKGF!",
        "]+!OjR",
        "$2+z:l",
        ")F{|hf",
        "\"\\2Rh",
        "-DaK_^",
        "`g@[C",
        "W*An83",
        "Y*iwP",
        "r.4/F",
        "~#1(0",
        " @Xzw)G",
        "?J:ghb",
        "\"70,@",
        "vsVDXm",
        "|iqoK",
        "0fp.v",
        " HAjK",
        ":6W3E",
        "VP P+1",
        "V8\\@D",
        "qj;2<6",
        "o] aD\\",
        "TB[hiol%",
        "'A\"DYO",
        "6M&iei",
        "s}:.NZ",
        "SetEndOfFile",
        "t]8dL",
        "(2Kq\\",
        "W[:7+",
        "m 3L~oH",
        "Iyb-(-",
        "C\\`ft",
        "7*Wjh",
        "i(18b",
        "#,r=:",
        "$KrY+\\",
        "  dfx",
        ":|&} ",
        "T gAl",
        "4y\"Kz",
        "^Ee9XC",
        ")+`Y&",
        "\\/z96",
        "jw)/,C$",
        "%r<\\H",
        "*K|@v",
        "?3jDk",
        "+[SFX",
        "et\"Vu",
        "K2%pI3!",
        ".t8~$",
        "The entire Box execution exiting with result code: 0x%x",
        ")f7lx",
        "q<(=;+n",
        "k@D%(e",
        "runas",
        "V?n1i",
        "?sZ<L",
        "Vw}:q",
        "QU[eg<4",
        ";WIFm",
        "%l%)F",
        "iL!=ey",
        "_QMe^",
        "k1g_'",
        "57UH`M",
        "nKI%c",
        ";HPCa",
        "-!ZH7B.",
        "ps_0,",
        "SbRhl",
        "}2Cnki",
        "O,f(IW}",
        "j\\Yf;",
        "DY\\}69F",
        "Hg'2w",
        ")>C)_1",
        "N?1dAF",
        "Y.qJ[",
        "w{W!9",
        "A62E>6<\\",
        "de]Dg6thB",
        "B[~)p S",
        ";N&m8b",
        "Y3-Z=4",
        "6pUq}",
        "B5fkO",
        "&Xu@D",
        "J%3]m",
        "+f;\\X",
        "`7I7x'",
        "La]X+Y",
        "|@FbKE$",
        "a_\\6c*",
        "HLqbD",
        "xT>d4",
        "&V3H_",
        "=\\\\?\\",
        ":3ktg",
        ")Bg@z",
        "s2'h@",
        "wG\"TB",
        "TM!ff",
        "Jv|fW",
        "@V3z<",
        "R{ F-6d",
        "]rVZW/",
        "Microsoft Corporation0",
        "d@jy6",
        "V})ZDW<",
        "\\o[7D",
        "$R7.-!",
        "\\Mg~X",
        "wH*P*",
        "oV)vd ",
        "vGD]Mp(h",
        "/BZf_Z",
        "ZoQ<T",
        "k#Js7",
        "\\+(B;@",
        "A(=66_",
        "6d6v6",
        ";1BYP4",
        "pb.Rw",
        "~X\\e_",
        "8X/@8",
        "?edx$",
        "7*e!f,SyVY\\",
        "VZ Cjl",
        "H75FE",
        ">f=@&",
        "K\"f@y5>",
        "V)9N@",
        "eG5kn",
        "Mx\"/lE",
        "FEk%>",
        "~q= hL~",
        "Z9Z&2",
        "He]@4",
        "/Q}Ja",
        "y~\"c1R]",
        "fE67@B",
        "-MAYN",
        "Zhp-Z",
        "u>~r2",
        "NLG;{0|",
        "p]q<[BE",
        ">>Bj;WwYk",
        "[J]|c",
        "3q^-1a",
        "rZf;u",
        "ZbO#7",
        "b\\B(B",
        "tR2vnV",
        "5Yw@O",
        "`2/]t",
        "MiA+$",
        "\\qv+sr:",
        "}gMI=^",
        "}ouC%a|*",
        "_HNu!",
        "21;de",
        "XMj[z",
        "FindNextFileW",
        ".bS}\\",
        "BFI\\7",
        ";.DEk",
        "vYxyu(",
        "pKMf,",
        "N>\"er8",
        "Ur9[AL",
        "gTdSM",
        "9vDZU",
        "96}C&",
        "b@t;0=",
        "tmip/",
        "NY&eS",
        "% u#(]",
        "T4IZv",
        "lf1Li1",
        "?_tC}ZH(",
        "PO`a`",
        "tr-tr",
        "Zj!Y[",
        ",k,-3",
        "dCIP)v",
        "GetCPInfo",
        "<9=T=f=t=",
        "Arap[",
        "RoInitialize",
        "SfM1+~",
        "up}u G",
        "IdyO8",
        "!`l 3",
        "m?_*;",
        "}XI4M",
        ":(,xA",
        "&(-nf",
        "Jl1bcCQAS",
        " LB3b",
        "|I;Ax",
        "k[@>%",
        "|}%BS",
        "CreateFileA",
        ".;lry",
        "@t8(-",
        ";j;~;",
        "MOfYg",
        "4?%w;$M^",
        "^zWWY4",
        "NP0WS~OD!",
        "GF'F`",
        "_9R-I",
        "&hjT\"",
        "$]m(Q1",
        ":&odS!d",
        "B?l+j",
        "dAP5S^Wt",
        "G;{P|",
        "Y*sB&",
        "+Di_'S)K#",
        "bf[E|",
        "3`C\\ow",
        "M/=m9/N",
        "u,JSS",
        "ut{HI",
        "rx_-@",
        "Qb}wV",
        "Vhl.@",
        "\".G;Zm",
        "\\bQ$\"",
        "~0&qxf",
        "d0]WUc",
        "&w6:~^",
        "w#+4\"w",
        "O6,.M",
        "VdLqD",
        ".CRT$XPX",
        "3pHNx",
        "%%4j[",
        "9~a/*",
        "8HecWz",
        "LFmo-Qw`",
        ")lZ[b\\",
        "OtGwFqtS",
        "6W~ b",
        "mDZ]L",
        "OUo}[",
        "Rl7-#N",
        "6P8Yp",
        "9#909B9",
        "n|b4?",
        "{`&ms",
        "]C2&/",
        "U@j.F",
        ">sJ 8",
        "&#[4E",
        "k%[IFuE",
        "3uMb5",
        "&oC}D!M",
        ".CRT$XIZ",
        "Yy;)a%",
        "T#Z29",
        "fw3:D",
        "A]A06",
        "-h5,N{",
        "u)N<.T9~",
        "@3aAe",
        "ZI9{:",
        "/dq<?",
        "CV;|!",
        "n,81Y",
        "\\khCP",
        "7[N5h#",
        "q5Nxba",
        "ORX[|",
        "9oukS",
        ">}LlA ",
        "Q$TM;m",
        "8jQO[",
        "v}8H/",
        "0S\"ZT",
        "v!<iWxLp#@",
        "x2Cqm",
        "$s1c8",
        "cuZ}}9-",
        "'onIe",
        "{ccg]",
        "diQem",
        "\"Wmi{*B#",
        "T,Q^j",
        "^`Scx",
        "gyHE'",
        "h|(%N",
        "?`{a5",
        "GetTimeZoneInformation",
        "7=$OE",
        "W~OR,?Y",
        "AZ\"t2",
        "GQsg6",
        "c\\.>+",
        "mQz`&",
        "vnUVA",
        ";x{5#",
        "~M'7zc",
        ";2T9j",
        "6]N;V",
        "=*G'8/",
        "npMMf<",
        "v\\KQB",
        "V)T:,m.",
        "r-by]",
        "|dp>T",
        ";1(7e",
        "&d0u'",
        "!R-#:",
        "&fKD&",
        "k2]Dp",
        "zu{+J",
        "Uw=|4v{",
        "7uVfh,",
        ">4-<y",
        "zx:?a",
        "--o^bw",
        "m4@v{E",
        "R{2r6",
        "}3Zu/5<y",
        "S`wA,",
        "\\niJ?>6",
        "o{,^K",
        "ymnfi",
        "%71pn",
        "-zz+J",
        "P/7@z`4",
        "5XTqF",
        "yW%8Pg",
        "B<`J{",
        "hhQlS=$",
        "wpjD!",
        "TAgYle",
        "N`@X/l",
        "hAVW&",
        "0 0$0(0,0004080<0@0D0H0L0P0T0X0\\0`0d0h0l0p0t0x0|0",
        "es-pa",
        ";t*XxW",
        "5nm\"t",
        "_==t&",
        "yL!,p",
        "N')T/2s",
        "%7(iQ",
        "Mz\\ku",
        "1+;*T",
        "YW6A<",
        "saEz$",
        "|i I<",
        "dv1V!yw",
        "B&N}N",
        "Kh8=F",
        "w#lBY",
        "3^AHk",
        "Oz<?E",
        "GGPRb+v",
        "q21I5r",
        "jPv/.&=",
        "<R9k@",
        "s09u>b",
        "Aqmmf",
        "`virtual displacement map'",
        "t8c^&",
        "/QaZ$",
        ">+-#<",
        "aX)KC",
        "y4Aem",
        ".4yQ<f",
        "K+G]v",
        "2l78r",
        ">{j1y",
        "\\m'Xe",
        "wxod5",
        "818B8X8",
        "[avK>",
        "; ;$;4;8;<;@;H;`;",
        "1aj*6",
        "mFQu ",
        "j^!Xv",
        "z(mhW",
        "qzOf?",
        "#2'qm",
        "5Spd+j@",
        "h*CVt:32",
        " ~>{lqb6",
        "A6n74",
        "H\")4c",
        "L\":#}",
        "en-jm",
        "KXeTZcb",
        "sA_J~",
        "wgxa&",
        "u\\~6g",
        "%4MXf1",
        "B\"q(w",
        "\\N8vH",
        "api-ms-win-core-synch-l1-2-0.dll",
        "Mk}q<|Z",
        "u_$XKD$w9g",
        "D%YDS",
        "k;S??V",
        "0RRmM ",
        "Zpf,x",
        "<T.6s&VB",
        "mv\"S{",
        "\"OPf6",
        "qF*\"=",
        "505S5g5",
        "&i<o2",
        "MNg[u",
        "Failed to allocate preload data.",
        "W9Af`y",
        "heE4W",
        ".\"VQ|",
        "dQ*V$My",
        "%QjF8x",
        "oubjx9",
        "Sj^t<",
        "S_}dV",
        "Washington1",
        ";t$,v-",
        "=6C.[M6m",
        ";}2l|",
        "KGP7W",
        "\\zzrFM",
        "47}@y",
        "%qyg=",
        "H2Hf^",
        ">v$}M",
        "Extraction took %d milliseconds",
        "30>0U0r0",
        "m1~Q;&",
        "{fK1\\",
        "7$7,747<7D7L7T7\\7d7l7t7|7",
        "/Cb\"G",
        "+V(-&",
        "V#|U[",
        "=[H2[F",
        "GWM]P)",
        "71s,,",
        "RCt)*",
        "fF-FD",
        "0xsPf",
        "tH[E ",
        "xMWJ|@L",
        "?N>+-m",
        ",J*%9",
        "&ngyI",
        "|'b%8",
        "M:k+s",
        "m~-~iz",
        ",0ILk",
        "ASv@F",
        "pz$pw",
        "fwtr2d",
        "c'JgQ ",
        "`%4Gm",
        "210& D",
        "2UiF~",
        "VZjhv",
        "Vh\\.@",
        "0+W~h",
        "=K9os=U",
        "msm'C4",
        "w5(d'%~",
        "lmICr",
        "Wd6Kps",
        "aj'^/)o$]a",
        "aaakr",
        "gqe.B",
        "aK6g;o",
        "E2vmj",
        "#M`bI",
        "MNko #yE",
        "w8;!g5",
        "~yJ)j",
        "z{cBk",
        "az-az-latn",
        "YTx4)YY",
        "zDT%z#",
        "~PpqP_m.",
        ":X.Fv",
        "m_;J*",
        "4@-)8",
        "]>XOd",
        "n*AJ-",
        "4;o@5",
        ",|xB1",
        "y aFr",
        "WK5&./h",
        "k;)gb",
        "gu-in",
        "}GT'y",
        "Microsoft Corporation1200",
        "Et Dw",
        "6L!}h",
        "XK<?D",
        "Epl:)",
        "%dc~@",
        "I-QYu",
        "s,7cJ",
        "syr-SY",
        "; V8],",
        "v:&R>",
        "Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z",
        "q'BO1",
        "fzkxu",
        "eTjUp",
        "dO&4By",
        "Ukxkgp@8s",
        "\\F|'s,U(%A",
        "a*\":x",
        "x}2@`,0",
        "%`c#P",
        "Nbq&x",
        "DecodePointer",
        "%vfYi",
        "a&5+j",
        "?P\\#]",
        "_VnQA^",
        "1d1s1",
        "];ap(",
        "6OrWS",
        "eoh^B",
        "Ss;M&",
        "NWz,P?Q",
        "gc] sc",
        "&A3AS6",
        "en-JM",
        "Gy#;1",
        "\"og\\j",
        "@|qs&",
        "u(<weZ",
        "\"a.f(",
        "s5ewu/",
        ",-p4%p",
        "GetProcessHeap",
        "&_y=u)",
        "H*5[f",
        "m##toO",
        "e8_aL6",
        ",DpCB",
        "knqbd",
        "qWv!.IV,",
        "+6-F^",
        "7O8cC",
        "N/J|#",
        ")Db-B",
        "\"v|~q",
        "BRC}4",
        "mKYk@",
        "vUW_4q",
        "_SFX_CAB_EXE_PATH",
        ";[<v<",
        "O dd}",
        "A#`Cx*",
        "!V!.r",
        "5X)!Ck",
        "DUx=k",
        "6?zZ?",
        "1$1,141<1D1L1T1\\1d1l1t1|1",
        "Rz1{C#",
        "'BY*k-",
        "fv.JEt",
        "T,*du",
        "+r&uXo",
        "j*S/%q<",
        "4,IfP",
        "a1p4|",
        "csp3c",
        "cs?NFE!",
        "*uV6{",
        "'35^a`l",
        "wm #5",
        ")x%S,0",
        "K\"JiX",
        "?}s4+",
        "LZwMU",
        "nAQ}&UD",
        "Ss]^-?",
        "0)urp",
        "DjtS.",
        ";H3/O",
        "u@Ae@",
        "thT6;\"",
        "ZLd,S`",
        "!Xe~*",
        "ag^;v\\",
        "\\&g}1",
        "oOAl I",
        "Failed to allocate memory for command line",
        "o}$'y",
        "$H:w;",
        ".-G6'",
        "=L<+ft",
        "~bZWEK",
        "+C,wJ,)0",
        "ZP/)X",
        "0\"2&2*2.22262:2>2",
        "FMAPHf)",
        "/5\"WB",
        "G3\"hwHR",
        "BH8*7",
        "/CS'E|",
        "2xwm0",
        "Y%{W(",
        "K+kd+",
        "~|.mG",
        ":)MJs",
        "E^Asn",
        "_z@<]",
        "D-1k:\"",
        "rNZ0>",
        "}?LP ",
        "\\w0(M",
        "w6?]%",
        "de-lu",
        "/>++h",
        "Bqn%z",
        "5+28Zub+",
        "-OC!-",
        "aapL}",
        "vd;Nzb",
        "@c3=k}",
        "i#D HWl",
        ";zB@d",
        "-n;uc",
        "js&${",
        "As|a2[",
        "Cm[|<>",
        "@H4.g",
        "z#:qk",
        "&9Dj_%",
        "0c@~O",
        "#YtD(",
        "__swift_2",
        "ftb~i",
        "2G,Xr0",
        "F},\"z",
        "ejhb'",
        "SwuVQ",
        "-=`<|y",
        "XVT{9",
        "ZqqT\\",
        "H{34PZ",
        "<s\";q",
        "{v?%0+",
        "0Y-'Uh",
        ".y<+`",
        "Z5lcEz",
        "!pI`jF",
        "@=.V'n",
        "4zrL?",
        "25P)W",
        "x9J9A",
        "$S8IF",
        "dh5_nxq",
        "7_GV]",
        "&@&CZ`",
        "`e-^(",
        "7w.Zb",
        "eWB4v",
        ")noD/5x*",
        "~\"}+B",
        "qJVJp",
        "VubM\\b;l",
        "Ool3h",
        "t=]ZK",
        ">(-UN",
        "quz-bo",
        "i1 DK[",
        "XU+{>",
        "df^7(1R",
        ".fv`Eo",
        "NnS}j",
        "w/0!#",
        "7PThX",
        "qt\\E#",
        "Awb9oc",
        "DAdlJ",
        "en-NZ",
        "P^zfcY",
        "%!|L9",
        ">^+Ew",
        "tCV6\\",
        "Nl cK",
        "}$y\"'",
        "_u4tw-R",
        "89{zr",
        "HBpZh",
        "?^mYoe",
        "3iD(N",
        "Q3}_0",
        ">B=rv",
        "F~*=2",
        "H%Cx-",
        "\\p%5>MM",
        "_hH)Yr",
        "9zG.D",
        "aoe*0",
        "a{G6,E",
        ",\\.AwL?",
        "uGnx5",
        "Call to the SHGetPathFromIDListW failed",
        "de-li",
        "3wO\\[-",
        "Mf\"Cal`",
        "H0+<Q",
        "pO3zX",
        "!1t>!b",
        "/,VcUCz",
        "}rM\\*",
        "]vTW#",
        "4x0*)",
        "+>uyY",
        "h6EqW}",
        "{{D],a",
        ";omh\"",
        "\"c#Az",
        "jP)3lZ",
        "~@cXW",
        "j.ra}",
        "`R3js",
        "?)`[,8",
        "5BEV[",
        "FormatMessageW",
        "C!&\"[",
        "TG>~.",
        ">CbFy\"",
        "yI{[[B.",
        "^u?]V",
        "zTcJh",
        "w{'jE(t",
        "xBQ9fS",
        "5z=*('s",
        "@~fm7F",
        "Co}vU",
        "R!v)bk",
        "Y)Q{ ",
        "igdRp",
        "2`&n\\>",
        "-}z~O4?",
        "?5K\"S",
        "[2?>{",
        "Aah9MsqF",
        "uS^R%",
        "K0;)$",
        "D}\".`",
        "F-<at",
        "7|iS'",
        ">YkgI",
        "3\"gZ!",
        "`{w1T",
        "}bM4|",
        "Gp5oe",
        "jyJ23}9",
        ".t8rY",
        "l0LxFLd?n",
        "dVG}I(",
        "c8U;i",
        "v]'9R",
        "kiJpd",
        "7i+D!",
        " RoL4",
        "PP)\\)",
        "<u|2PXYi",
        "c17y,",
        "C:=f<",
        "hxfH;",
        "p)3ol",
        "Ql|P6",
        "j<G%[=",
        "I>C2%>C",
        "A'O(a",
        "<$wG-z.`s",
        "ktt|]",
        "N%XT LA",
        "ig*Vr9S",
        "B(wsb",
        ")^ECW",
        "RH7(g=qb",
        "lACC[",
        "S:L]w",
        "}eBqk",
        "*]D]xO*",
        "]i_}V",
        "|{Nc:",
        "_cabs",
        "sSx_B",
        "GAgnY-",
        "l]v[%X",
        "lz[-W",
        "3N;*ZH\"",
        "Jf`T?",
        "<,nR5",
        "?<?G?",
        " :CUr",
        "~R^Lw",
        "<=G[EG",
        "L=!~&",
        "b1Q*6J",
        "@IOpa",
        ".[7IN",
        "ZCkpV",
        "l{(Q3",
        ";?X*wM",
        "(]dda",
        "eP!%6",
        "GLc&K",
        "LNC:)",
        "QSZyF`",
        "Ww(j9",
        "bB^9fn<",
        "y,bqq",
        "Rl7eM",
        "=6~&[:",
        "Mc_1K",
        "Wb&@n",
        ".;|)t",
        "AO?%K",
        "LI8BE",
        "kFNY5",
        "bzj5FW#",
        "UBW+)l]",
        "h53%?",
        ":\\:]_",
        "iQuRn",
        "\\>w@9",
        "0SrCD",
        "=Z;HGvO|",
        "|T&.X",
        "daP(&$",
        "*B`)w",
        "^.L~3",
        "`DV7C",
        "7hRQSp",
        "'ADb2p",
        "49;D ",
        "*u-tlNsB",
        "!m>&[q",
        "s{dMQ",
        "r-&md",
        "Nz*-)",
        "extract:",
        "\"cx7_",
        "bYT[i>",
        "q\\:]hg",
        "<Md4xc",
        "irbk%@",
        "X`4l5",
        "F-?wdf",
        "bJ+b\"",
        ">_t))tSb",
        "1#QNAN",
        "Kw]I ",
        "4R`IQ",
        "L|Bul",
        "EkPXY",
        "$4ShbK",
        "wR^j>",
        "6(RG9",
        "<k\\/tH^>",
        "O'@&0",
        "zqL@N_",
        "*Eheib",
        "X0qA)x.R",
        "U^hO5E",
        "JUs#o",
        "Jq|NG",
        ";?l)0",
        "+x-\\:",
        "wKvtV^",
        "zNZNb",
        "nE|B.F",
        "Ma5B%w",
        ",u[\"cs",
        "w5pj1",
        "3dIF|",
        "Ry-[@;",
        "RND.j",
        "[qvw,>",
        "GetCurrentDirectoryW",
        "0@^#=",
        "VS_VERSION_INFO",
        "`u|6d",
        "|{\"b#d",
        "vs_community.exe",
        "aph=9",
        "($/Hw",
        " /#4v",
        "md[!_O",
        "T]WO!",
        "(`X'^",
        "snj3(",
        "EZ@1.",
        "%!AH6",
        "3{)ad",
        "2Sh;[",
        ".>+[_T",
        ")G#`v{",
        "X}Y}\\",
        "40+j/",
        "}K xJ",
        "ar-sa",
        "Zf2S|",
        "qG$zw",
        "j2`)Xn",
        ">Y(sac",
        "JFxb,N",
        "i?)/f=",
        "y)\\eR",
        ".idata$4",
        "wvOIs",
        "*Hs8Z",
        "T(r^]",
        "5#636",
        "HJUX ",
        "~@R .",
        "O.c?c",
        "*w2i@",
        "p2{(7`T3",
        "jXkx;}",
        "/ly~<A",
        "4P#K[A9",
        "Iy;tx",
        "kIqNl",
        "J'q=I",
        "y};Vj",
        "8QIZQ",
        "SjesX",
        ",jYiq[",
        "X(}7<~",
        "jL}<?",
        "version.dll",
        "5L5l5",
        ":=A1.K",
        "5TTqXz",
        ",6%Mnm",
        "vds9U",
        "~WWz&",
        "KFWUR",
        "quz-EC",
        "N'VNm_",
        "?.xdH",
        "2d.g^",
        "?*@QZ",
        "JC;>Q",
        "Z>]Kd",
        ":odig",
        "lT6;-",
        "VqQA>",
        "1Fb`X",
        "C{OV6",
        "9HA4bY_",
        "$<yK(",
        "tIdI%#",
        "U,#c-",
        "b4Et]",
        "$sW&98Y",
        "q^JJ.\"",
        "IBj$2",
        "?Pgw4",
        " delete",
        "Microsoft Corporation",
        "Failed to get error message for error: 0x%x.",
        ".gfids",
        ">'N](",
        "ROS[a",
        "wOVmV",
        "m8VOuH",
        "mXU6{^",
        "P0g)f",
        "T|p<'n",
        "F-<gt",
        "{CvqG",
        "R}[Ox",
        "ne hx",
        "BoLZ;}6",
        "axNZ4U",
        "ly/h>",
        ">uaDc",
        "Zw]S@u",
        "*S4D%JS",
        "tbmlE;8",
        "LocalFree",
        "8nuRmL/z",
        "Z)%[N",
        "^4n\"rb",
        "?4?9?E?J?^?",
        "x'9d{[:b",
        "CG9ym",
        "A[mVy8",
        "#:hlVH",
        "rY!h'8",
        " 22m>",
        ",Ds9X",
        "WyLn-",
        "v#4_E",
        "=a[SM(",
        "5g303",
        "?GyBk",
        "uxs#i",
        "RY#!;",
        "zI%\\6=P%",
        "A<lt'<tt",
        "f>9'DN",
        "=== Logging started: %S ===",
        "2MK@1H",
        "_~OFT",
        "tT=L[",
        "~gw%j",
        "eG!0!",
        "$z5FA",
        "-(.!&",
        ".?AVCInArchiveException@N7z@NArchive@@",
        "P]NRM",
        "fw}ww",
        "G~mH5x*",
        "7&777?7^7h7",
        "ZuLum",
        "7|kufd2I",
        "6$j;N",
        "iu71X",
        "$yT<EX",
        "3UQ}~RB@",
        "T.uG1",
        "j5b1X",
        "cH#)uQ",
        "0.s<.",
        "^f<-0",
        "d`_r[",
        "eO%geU",
        "*#(x}f",
        "!bJ\\8",
        "&6f?\"1 ",
        "(?:0M",
        "TZ,gkTN",
        "$h*:!",
        "3N{t0,",
        "Pd.%5",
        " *v>|",
        "XE{|U",
        "D3I4q~",
        "8$Kd6G1",
        "+L`[-b",
        "4WjBI0'/",
        "fwyn%",
        ";)2O>",
        "t2D. ",
        "49xId",
        "GetTickCount",
        "656<6e6l6",
        "T> 7c",
        "uRk,X",
        "bQbn$]",
        "ar-OM",
        "F'O;M5",
        "VNY{'P",
        "K&#,@+",
        "ux@~rOi",
        "3wk1%E",
        "&L,={",
        "`@9}e",
        "rijNk",
        "=t6NtGl",
        "g;{cr^S~",
        "X4E%l#D>",
        ">;v~5",
        "252_ ",
        "l1C1>",
        ":U,lb",
        "TK{s)a",
        "BM#'f",
        "mgSF2D",
        "*Tc*[N~",
        "9!y$>@Q",
        "!6mdz",
        "-4^Lw%WG`",
        "[9Z*8\\",
        "s,g n",
        "LX`V{",
        "-+T=O",
        "I49)]6\\",
        "|-]})",
        "yx@Zj",
        " 6d[4^Hc",
        "#XBo5Y",
        "5p{>m\"lf.t\"",
        "R[iEu",
        "r}yf4",
        "N\"vg]",
        "a_uf8",
        "2q|Kt",
        "(l/pn[",
        "z.: *J",
        "y6B#I",
        "-w0-z",
        "NU2FW",
        "2e+fe]",
        "|p_{B",
        "wb:zX@",
        "U[-H.",
        "p!eh;e>",
        "[([s0",
        "|xzz:",
        "+3iv:",
        "JVu|{d",
        "MR:06D",
        "+?|q<",
        "D(;}_",
        ">j'\\M\"9l",
        "9@rFl",
        "8@-lu",
        "4#4r<",
        "wwX;l",
        "\"!ExX|i",
        "lR={lgHOQ",
        "8U t\"",
        "k0Zoi",
        "67,66",
        "&pD^.",
        "3r^wr",
        "-#|Gd",
        "nf<(s",
        "QQxPr",
        "vFB$\\7$",
        "5`#['",
        ".ubVLq",
        "`C*cso6fZ",
        "4DO\\=",
        "|OqE|",
        "1Rb'EM",
        "c(5,\\",
        "708Z8b8",
        "kZyc@nC",
        "w*LnZ",
        "`P\\ivQ",
        "DR2g*",
        "I$DbW",
        "sN7ii",
        "cK+R|C",
        "@/2#k",
        ";,>>1",
        ".q%wl~Y",
        "th-th",
        "jx&.$",
        "*z:R]",
        "P:B[Y",
        "J:;Yu",
        "GetEnvironmentStringsW",
        "aRL`,",
        ":5=_f",
        "p:/BV",
        ")t8{]",
        "'H/~O>",
        "s*dz>",
        "W{8'~%",
        "VISwl",
        "7>8]_",
        "_UbEL",
        "t\"1~f{%M",
        "BN7I~",
        ":8yC%",
        "~+-z\\",
        "3$3,343<3D3L3T3\\3d3p3",
        "z<5?2",
        "6DS+1",
        "uZ`aA",
        "V +V4+",
        "[q3Bu\\",
        "t>(%?",
        ",(POT/M",
        "9iD<}8%@~",
        "yVPLx\\.w",
        "Z]<:[Y4Qk^",
        "Qhttp://www.microsoft.com/pkiops/certs/Microsoft%20Code%20Signing%20PCA%202024.crt0",
        "i4~w@",
        ";A}0=m",
        "EMdwQ",
        "{r@R\\n",
        "4-rp.",
        "|o^J1",
        "nB;ufV",
        "\"U\\5@o-a\"@",
        "&MBUO",
        "XQqT!",
        "/R@||",
        ";8f~Y",
        "EqHd0V",
        "~p.(A",
        "='s`z",
        "LS.gl",
        "@yd@s",
        "Directory '%S' has been selected for file extraction",
        "qn <!",
        "\\'i}2",
        "o@>6j6",
        "Pk.5G",
        "4Q\\.N",
        "h,8qKI",
        "%y.Yyx-",
        "n:$=9",
        "nx^'F",
        " mG\\eD",
        "=Z >L",
        "ud`Pwc",
        "f,|8>",
        "=%f\"l",
        " `;{\\",
        "Sz]]<",
        "B[jLz",
        "AdRE6",
        "Of|kI",
        ".1T0+",
        "z|ZskI",
        "%e']0",
        "qp\") O",
        "H^eUJ{",
        ".(1sm",
        "\"utoH",
        "KAqz%",
        "4T`Thm90g",
        "aAZ{*",
        "j=3[0",
        "WCNW9tk",
        "Kr^Fx",
        "l\"S@|",
        "&'1Nh",
        "|/gG1",
        "kN9c5q",
        ")Uq6K",
        "! },')",
        " sv<Q",
        "s$ima",
        "?ptr.",
        "?ar!9",
        "ulz$2",
        "-ZGtv",
        "I60>!",
        " }Z!@",
        "*Y-e0K",
        "}VY*o",
        "iCS~JQ",
        ":cpNfF",
        "|KBoj",
        "?\\,B98U",
        "r{^!-v",
        "L8>w_`",
        "+/}IK=",
        "6hG{=",
        "FIaGVi",
        "L[\"fI",
        "9(9H9T9t9|9",
        " CRlkH",
        "6 6tND'",
        "Z*+Zo",
        "7tB=X",
        "%l@H(",
        "?='A`",
        "zP^Ix%",
        ".RXP[",
        "P7 {9V",
        "KZ]p.",
        "&7e f?0IT",
        "](>TH",
        "iMv,na",
        "k0mf,=",
        "`+c%,$8",
        " =Em?",
        "CK3G~",
        ">u$fl9",
        " zC=f-",
        "LgbSe",
        "5F#0>t",
        "8PV%y",
        "-i5.gHuhJ",
        "SPARC",
        "F0^[]",
        "@RVA%*v",
        ".:J5JJ,q",
        "+gG$<WJ",
        "`[*l.",
        "1gE5y",
        ")ik-w",
        "|KyA[=",
        "$T_?E",
        "PXnKr",
        "AKNm ",
        "230012+5075590",
        "1ZlZGd$",
        "Hl`5zbX",
        "so7<-",
        "p'}Rq",
        "`udt returning'",
        "'c<Ln~",
        "cXV0D",
        "[hNv^]",
        "\"tI@~L",
        ".L.UM",
        "nLl>\"",
        "wIo6x",
        "\"VXj8",
        "An|vy+d'V",
        "A(m7n",
        "G77gc",
        "ECG$h1",
        "I`J~$",
        "!^{Vc",
        "2@j{9A",
        "E+y?LN^",
        "\\G2[b-2u",
        "T'z/[",
        "3,u>L",
        "#d|Oq",
        "L_{S]",
        "mZN};",
        "o_W6T",
        "iSI!n",
        "6CA(\"",
        "95`r/J",
        "{u(.,qu",
        "8fqj\\",
        "n!s|/",
        "`r0Zqo*",
        ">~@2J",
        "ytQ_*mz",
        "rlf;u",
        ">v>h9",
        "\\7uT0",
        "eGJhEJ",
        "=}j:8)Z=Q=",
        "6Rk!&^",
        "+#&TQq",
        "@tutr",
        "c/8NSK",
        "zG+kH",
        "f@4@opT",
        "u9'k[",
        " vTx_L",
        "8/8:8@8J8O8V8]8b8l8q8|8",
        "FindFirstFileExW",
        "z\\CPZ",
        "$zOH,",
        "[Xe9'??",
        "2l>* $<S`",
        "b3|Lcg",
        "E`]] ",
        "|:5]Q",
        "',:R]",
        "-sqK3",
        "tqsb$",
        "NAPB~",
        "8 8P8Y8b8p8y8",
        "F~bD|",
        "F7ej#",
        "MG_yX",
        "@5?Z.I",
        "`vbase destructor'",
        "!<a)2",
        "&Da.G",
        "\"LcCQ",
        "LO,Kh[m",
        "@77fjt;",
        "$u<En{6",
        "es-pr",
        "6e5?n",
        "[j4 ZJ",
        "uYvg!",
        "X1`T+",
        "E UWy",
        "sX4<,",
        "i$3cE",
        "smj-SE",
        "6Xy!!",
        "lstrlenA",
        "__eabi",
        "V}J@&BhT",
        "i=za}",
        "tQT8W",
        "mIcs0Z",
        "[6E_k",
        "0Tk#/=",
        "hWEZ5K",
        ">8O_C",
        "5\"z=p!\"\\y",
        "SVWUj",
        ":@z&u",
        "x(:&Fe",
        "0-]Z9",
        "+vELZ",
        ":cb7B",
        "60ttq",
        "i e,bL6",
        "fQFxq",
        "K_R C",
        "T&(ju",
        "Y }}o\")",
        "r>>]7",
        ")8M4&",
        "P>DrA",
        "Ezzj7",
        "74HBlW",
        "Wn1l]$",
        "H t=B",
        "8jMSP",
        "]!av<",
        "#8Aj<$8",
        "yBo XJ",
        "4O/s3",
        "[.C!U",
        "S<[hC",
        "_im)h8?n",
        "AuMs{}W",
        "(qZc%S",
        "7o>W?",
        ")Q}R!",
        "rN:<,",
        "TV\\R=4",
        "HD>B}",
        " =:<%",
        "4%Qb^",
        "o!S+]",
        "'j3f-",
        "[{d_<Tf*p_8",
        "~#kG0",
        "O49JO",
        "$[5Ub",
        "sma-NO",
        "wz9M/*",
        "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>",
        "v/jC\\a",
        ".SK)3rB0",
        "E<B|e",
        "KI6i\\",
        ".G\\Ua",
        "n_pC3",
        "&V0Id",
        "$AUBM",
        "JB[~L",
        "|s7ND:l",
        "dg-K`$Ru",
        "7*M,*",
        "~n-p+",
        "GC`c:",
        "ncrKkE",
        ";L*:\\",
        "1M{zC",
        "^2B*ndw",
        "bboBaI",
        "7 7$7(7,7074787<7@7D7H7L7P7T7X7\\7`7d7h7l7p7t7x7|7",
        "GlobalFree",
        "2=0>O",
        "L+b)NW",
        "tRdK/",
        "Ad+1!",
        "Qi&C\"",
        "{7,3<+",
        ",Ni=~Y",
        "vy>^PM",
        "+hDN6",
        "jZz% ",
        "w7mbD",
        "\\.sn^<",
        ")6dBH",
        "`4+Wa",
        "9'PR'",
        "m UPd",
        "_(s\"S",
        "7$W:CE",
        "qrjo1\\R",
        "\\|r0E",
        "!0)0`0g0",
        "~7r\"O",
        "v)}%-",
        "~3\"4[y",
        "Nsd|Vy",
        "AppPolicyGetThreadInitializationType",
        "k$D5d|o",
        "L`&vl",
        "\"RdTb",
        "4 4&4;4`4s4",
        "[:2Q%",
        "s}(YF",
        "qy;|a\\/)AA",
        ".CRT$XCU",
        "=;>c>",
        "es-DO",
        "|1+!mvz",
        "oN#_b",
        " y?8S",
        "j.+|{",
        "RRRRR",
        "Mj^uw",
        "9H^0Y",
        "y<: 8-",
        "I0ITN;",
        "RbNbZHo",
        "{R`5'",
        "p/,vb_",
        "3MCO?",
        " :~V3/",
        "PP!8\\3:",
        "-j\\jP",
        "en-ZW",
        "{Vx0P\\",
        "eHQ7zG",
        ",6J_;",
        "\\~0Mf",
        "On_Ir",
        "\">%/y",
        "URhfJ",
        "@n2XL&",
        "!QL_Z",
        "=^i,i",
        "cqA V",
        "R'qphcY",
        "63!.;",
        "Hgh?f-",
        "7dz:,H<",
        "u*y2o/",
        "p|l.Q",
        ".2 c+",
        "F~/y(",
        "h99!w",
        "J[<gQ",
        "2:lUT",
        "-(19T",
        "A[iq@",
        "{'[kZ",
        ",_2aj",
        "Jb\\cg",
        "*Pqz ",
        "PYupQ",
        "'0m0w0",
        "ilLlIT",
        "YCc@K",
        "9d*%q",
        "75SQ_",
        "-<`pD;>{",
        "#Z/O6\\",
        "+s9!T",
        "e*4 rK",
        "Hg}LX",
        "bj5xQ",
        ".t9n&>p",
        "p[5-e",
        "rKW^5[L",
        "`vcall'",
        "6~%PD",
        "9GPj7",
        "nEgWN7",
        "g.'VJ",
        "aXWN7",
        "c_mc3",
        "PZWs1",
        "5+YW&}*",
        "0Ia\"`R",
        "/OH=P",
        "9Ut;2}K",
        "H>whK",
        "Xo1 +z",
        "*9L`+",
        "#@xXN2",
        "JdioQ",
        "l|%;d",
        "C}L^Y",
        "?Wj1`",
        ") \\ak",
        "Failed to allocate formatted current byte for the random string",
        "PostMessageW",
        "f{Fq|",
        "bHi3l",
        "Zb6^,o=",
        "Uk3Iq",
        "tjmo$",
        "lOGyC@ ",
        "c^O18",
        "`Ac&n",
        "1lp/t",
        "'3lGD",
        "T.V$P",
        "L_9Jf",
        "7;Q*_VzW",
        "*/+oll",
        "]7E1d`O",
        "~,->2T",
        "iAGfYP",
        "Wri{R",
        ",RX*J*",
        ",*SLtx",
        "?$faj6",
        ".-]ws",
        "0`N<E",
        "juaBG",
        "EGq?{",
        "AzM%d'",
        "(>1*?>",
        "EN'1G",
        "*7{l:",
        "J%K$%",
        "X?kR>p",
        "J4 7O`",
        ",+1R^2",
        "Z>VJ\\",
        "4V5[5m5",
        "@6cRg",
        "=,WBj",
        "a*8<B'",
        "0EIWu",
        "k#ex^o/}",
        "fJ>_/",
        "_.yc%",
        "B)O_{p",
        "%_Q|o",
        "8$S0O",
        ";X|6*",
        "NC'm4",
        "uI)H~Z",
        "0vfd'",
        "QQSVWd",
        "xwj0?$",
        "A$6Mk",
        "N|dgr",
        "User canceled extraction...",
        "l0,`F",
        "w3}C/",
        ">o|7K;",
        "|kl0#",
        "0:D6J",
        "<Iqt<",
        "p&z<<",
        ".'YUM",
        "|R9;kV}$Wh7",
        ":I\"YoU",
        "oOr&G",
        "tLKHM",
        "KVO^17",
        "w,h-S",
        "ff$AL",
        "W@q'M",
        "D^+{wx,?IcoH",
        ";]q@h",
        "~hhr<",
        "c>Q{#j",
        "+u8*xN",
        "),m|X",
        "~^in)",
        "152C2Z2",
        "l)'V|h",
        "3Tast",
        "K>rBL",
        "FA.uA",
        "EK^6.aU",
        "c~=#;",
        "#[p4R",
        "#=/VB",
        " m\\&}",
        "trT[S",
        "9C0~&",
        "8QOZK",
        "9V0~'",
        "Sh$14D\"jx",
        "`vbtable'",
        "PF[.dn",
        "CBd(\"",
        "V:~3*",
        "b.y-7",
        "zq(ce",
        "u0>L3<",
        "ESh^+|",
        "RICty",
        "tT^1o]",
        "Upu?b",
        ".tls$",
        "24'+HawN",
        "J@cpW",
        "&v]ZE",
        "D:H6+7$",
        "xI5ZB",
        "_NxUY",
        "7\"s9l(",
        "hb,\\ Cq",
        "Y:3Jm%",
        "3pw]Z",
        "T\\Hyp",
        "i]eP<",
        "?>},2",
        "0syBb",
        "p<ae^",
        "mV[dg",
        "|_>KVoN",
        "wD6-#",
        "LuHJe",
        "COM/Z",
        "3%>f.",
        "2L0dJ",
        "@s!0j",
        "VT2+)g",
        "5zC\"1",
        "xLP{3",
        ":PLI9SFH4",
        "upLrp",
        "9n)}!",
        "sz`e~",
        "VF*~]v",
        "1y,V2",
        "4S2x/M",
        "5Ii++",
        "8%F&H",
        "!21|d",
        "K@yFq",
        "t2$>r",
        "<nINR",
        "'C@Y<.",
        "qdse&f",
        "_@pZ3",
        "`h}&K",
        "2G|oSV=_",
        "n^hIw",
        "FOh]+",
        "}FGBrq",
        "{\\}aOx",
        "(vOMk",
        "Redmond1",
        "8\"1?l",
        "_)n:a",
        "Hmm<k %L{",
        "^6;'=C*R)",
        "fb_Uc",
        "L|4UP",
        "I\\V[q",
        "eOc#'",
        "T@c(=(9\"",
        "t3zKn",
        "Ft{G*",
        "Yv_Zv",
        "n0BgtX",
        "Qhk$^O",
        "wc\\KV",
        "7Y7f7",
        "Yr:7Qo",
        "?IZ3D",
        "+Ew%p",
        ">zPF!p4:hB){",
        "?}O6;Pr",
        "wt2{5",
        ".(\"@v",
        " m4s}",
        "u/&s%i",
        "\",ZEDY",
        ">#oXSD",
        "F!Qir3T",
        "MFLP2j",
        ",8qW?",
        "/qB%v",
        "2!2+2H2r2",
        "|46(,",
        "9JGzA=",
        "y;+)U=",
        "_li-u",
        "k[Lpmk\"[ZH",
        "R{1-~",
        "Q.&aVo",
        ",yWC'E",
        "TK|\\I",
        "`ece\"",
        "[1c,*1",
        ".KbK8",
        "cV4y4[",
        "'oQY:",
        "y|$C4/",
        "'k*R}",
        "2{y\\n4",
        "s_B@a",
        "{,D8g",
        "qp6,>",
        "1BbQ/",
        "+CPzL",
        "4.iK%",
        "^sbjj",
        "48Jmv",
        "0}KQ T",
        "qO%SD",
        "!FnwA",
        "WO}Z(",
        "xk:m_",
        "4zgkJ3vE",
        "clU`<",
        "Az?|!<",
        "p2>U7",
        "g{ho5",
        ":Lv<0}u",
        "<d|z5",
        "Failed to add file name on to status prefix: %S",
        "+CH>e",
        "5P-|/",
        "YO(4V!",
        "W-s9'",
        " r'oP4",
        "6[SE(",
        "o33lVDX",
        "<%0uP",
        ")7&RP",
        "U~6tz/;'aQ",
        ";{Tt1V",
        "TxB,c",
        "K|{^k",
        "KDP~9&q",
        "8CkZB",
        "VO3]\"",
        "V\\N%;T",
        "5Aqx?",
        "\"RO(i",
        "ex49t",
        "SRNOz",
        "H/?N>",
        "T4q:3",
        "cIP.o_",
        ".rtc$IZZ",
        "O(Z<iK",
        "GetCommandLineW",
        "On@>e",
        "W70hC",
        "8zs^W8",
        "EgDw+",
        "A6q\\-R",
        "j1T_h",
        " %v=)l<yB",
        "<T<X<`<h<",
        "es-ve",
        "TG55HZs",
        "2H>`EI",
        "m_71/",
        "@Y2lp",
        "w\\|&m",
        ".m<|AT",
        "g,HBD'",
        ":8:X:x:",
        ";1.po",
        "OT^S/",
        "@3>Vq",
        "*z>Zx",
        "y=tkuy",
        "#D$0#T$",
        "3KiPj",
        "xnflJ",
        "`nDk&",
        "MY3$h",
        "]up>-{\"",
        "N4JZr",
        "mSjf96f",
        "8_$Z+",
        "(Dg/,",
        "aPM4(",
        "w$Ln*",
        "9{}-q",
        "i8pMG",
        "JB=,D",
        "c/48SSG",
        "D(#A(*",
        "2m%rB",
        "&\" \"W",
        "426H'",
        "x\\ML{",
        ",/^'#",
        "_+!+6",
        "@UEf=",
        "ilj8t;",
        ":$;-;u;",
        "=sA)OJ",
        "_Tb)=",
        "rZoC2",
        "4c{zg",
        "0]MAJ1",
        "`[y9s*a",
        "O(x((",
        "d.hXg!P4",
        "hW_Jb",
        "Q[|VA",
        "sq-AL",
        ")p[Ke",
        "YLFj`",
        "4}%^|",
        "<OS\"<",
        ")#o6H,",
        "`V6,,st",
        "IiSD^",
        "S59a|r",
        "FHYc0",
        "]CFJM",
        "hu~0C*w",
        "/2=A'",
        "}!k=P",
        "VERSION.dll",
        "BAT)P",
        ")NEaJ.1'",
        "Z;c,)b04",
        "?zBVr",
        "4.mFI",
        "56.g61",
        "IE^S^P",
        "nI?6d~",
        "FdW@W",
        "XIu=r",
        "N!>]7m",
        "InitializeCriticalSection",
        "r3hj+F",
        "ID*;!zk|G",
        "_20nA",
        "T\")vvz",
        "s$Td[",
        "zpkR5V",
        "tI(C4Q",
        ")MS01",
        "4T{,}",
        "8CwR#",
        "]H?S!iH",
        "`typeof'",
        "GetLocalTime",
        "^]dG5@",
        "eovp&",
        "h6B^nV",
        "+b;W#",
        "7=n1#",
        "GKEcJ",
        " DR{{4\\",
        "L7/6b",
        "tV qoV",
        ",HR*(",
        "s*6ys",
        "Z~|DA",
        "I~|=PXx",
        "*W{%h",
        "F?^f1~`H",
        "37>#[",
        "*WE/O",
        "$Xh/f",
        "?$\"HQ",
        "+!c:##",
        "lD?G2(",
        "u99O-(",
        "`[I=.",
        "q8\"]k4",
        "o0%$!X",
        "2Gv+|",
        "}h2Wz",
        "Os(#P",
        "kmC=2",
        "5[I`R",
        "IM^t#?",
        "7NgK|?",
        "wd&cl",
        "HmRG{",
        "5ITq&k",
        "6*Q:%",
        "qqkHm",
        "!cO+e",
        " D,e&'",
        "6}>Dp",
        "w*_Sv",
        "vat~e",
        "fr-FR",
        "~\"X`$~/",
        " L1\"U",
        "J;4r3",
        "$#A8pq",
        "]dibP",
        "vn=9f ",
        "cn8PF",
        "4@oHL",
        "+1 eB",
        "!=dyG",
        "p/Jj>",
        "G2Wb{",
        "$6L_ ",
        "*J')z]oc[",
        "2,1%jn",
        "h)ll!:\"",
        "LJ0CK",
        "!,^b6",
        "'0sdT",
        "n$#HCuAQ",
        "iX@$1",
        "QlZVE",
        "'YLol,",
        "'bqK|",
        " >VLpP",
        "~_BAnOs",
        "r[\"h{b",
        "NRE&b",
        ".~Nl ",
        "I*nt$",
        "l}dV0",
        "\\6XRn",
        "}Vo\"K",
        "Failed to allocate box path",
        "F*>3b",
        "6*9nz",
        "8I5&A.6/",
        "#D Q.0",
        "UH+'<",
        "1cL>`4",
        "bCbq5",
        "x2?DK",
        "[v,2w\"",
        "PSgZApYk>",
        "xINa2vEM",
        "6}?V'T",
        "GS7Eu",
        "G@K;,",
        "ra8HN",
        "k)WCjQ,",
        "{p'o&",
        "iZzC&",
        "ctSuQ",
        "oqc.j",
        "ce6VwG",
        "X0tUy$",
        "2>z$`",
        "9s1Dj",
        "#MVQI",
        "tzs9B",
        "6!=gQ/",
        "(U=g-",
        "fb/Vh",
        ")zsp(",
        "#}6AM",
        "/c=7v",
        "$*y@@",
        "3o4C#=",
        "F0#d0",
        "xqqh?",
        ",ZLtg",
        "?5qfW",
        "\\8<CD",
        "YQNfo/",
        "&M+`uy",
        "<)?RT'",
        "9w8s\\",
        "e.zED%",
        "aT/@,Wl.",
        "SAD ~&",
        "A;P7n",
        "sbi\"]]<",
        "?ke0s",
        "5^8gD",
        "cM`_/i",
        " iD~D",
        "BNuL*",
        "ky-KG",
        "D&!C;",
        "t[Gt=N",
        "?j0g!",
        "#cK~O",
        "^7;!t",
        ":@;x;",
        "|C0,N",
        "-oM9z",
        "%LLFJ",
        "<PjX ;&8",
        ".<xC\\",
        " 9Ze<i",
        "gm M\"",
        ",d?.l",
        "Y */[f",
        ".%2'{",
        "U\"?<8f",
        "ofc-h",
        "083<}",
        "?J`N~OA",
        "s1pY2",
        "a:sEM}",
        ";*U/'",
        "=_B70",
        "st6y8|a",
        "8l&#<Z@q",
        "2 k= ~",
        "F|P_Z.",
        "XE2>\\G",
        "gRAYU>",
        "c+dMG",
        "SzLk^",
        "J~t)=C",
        "5aB=W$_",
        "MY2& ",
        "' .+N",
        "(38![",
        "OgfIy",
        "`scalar deleting destructor'",
        "Ii\"-m",
        "cJeM1",
        "#(e2I",
        "ZR\"!zw]P+",
        "YRtK~",
        "Failed to allocate memory to hold container handles.",
        "n[O@\\ln",
        "u47}J",
        "Mz~*#",
        "rW$BAz=g",
        "`iA93-w",
        "(H+,4@",
        "h\"42l",
        "$.\\O;]",
        "\\t4YzU)\\",
        "a_VG5",
        "e^U0E",
        "0K<fV",
        "{(Un%",
        ")e@]g4",
        "?<IH+",
        "YYV5L",
        "O#>F|",
        "?(r7G)",
        "IX7##N",
        "up|f{X",
        ";kn:/",
        "]x (5",
        "eg>jC",
        ";|m%u",
        "*+~@O",
        "ml-in",
        "w.5)IFp{",
        "~wp6`",
        "+bTh2k",
        "RH`>c7A",
        "<\"Rf0",
        "B4KP)%",
        "Z1r0g",
        "=u4:z_",
        "B]8+}",
        "2 2?2f2",
        "3x3j{",
        "(lnkp%",
        "TjV{eRBk",
        "VPh[=",
        ",Le`S",
        "SBwkV1z",
        "NG9^I",
        "&$PKc",
        "-`7(.",
        "$_Aiz",
        "u,5-P",
        "E`00j,",
        "3WH/#",
        "@7wqLA(",
        "_fO'v@",
        ".CRT$XPXA",
        "[mY%=",
        "ExLF/",
        "LoadLibraryExA",
        ">:?V?",
        "{z}=*",
        "h%sv=",
        ",INz2",
        "VJW6~7\"IBp",
        "<cu zU",
        "#o;08",
        "9'6|4",
        "'& m]",
        "VE|t/P",
        "5|i`s",
        "1r%Qt&",
        "X%+b-",
        "*tR%u",
        "(PUk ",
        "6|F[r",
        "sq-al",
        "7 ^W|K",
        "S'6CD",
        "j{by8",
        "R8*27/.",
        "R~4yF",
        "z7v96_",
        "26!9$",
        "}_ji!",
        "3cF,s",
        "eZLb6",
        "bX6BFvekm",
        "I.|5|*",
        "Ai?f'>",
        "R0kw%",
        "yPj(5w",
        "\\R(eU",
        "YO~=/",
        "Failed to set program args",
        "@m1@?",
        "mUW-!",
        "3A-3}`",
        "`{T&e",
        ")wQQp",
        "-0Sd3'",
        "%Io2*",
        "P1u<E",
        "167N^",
        "+LcTj",
        "d-30f",
        "{)(l!]j",
        "o#t'ym]",
        "fa-ir",
        "E%r7/",
        "F|X2.",
        "&Wp%apE",
        "iSmo2;",
        "e5\\(\"3",
        "Ul:5r",
        "xB\\,d",
        "- =lf",
        "4lp:N7",
        "<,,&|",
        "8&[O7",
        ".'zfn",
        "dXa3D",
        "39wPl",
        "}5d I",
        "8r(NFf]",
        "+5/9r",
        "U$hOy",
        "iR#l?i",
        "}E,1C",
        "t&o'q",
        ")Oupm",
        "A=+zx",
        "Gxa$`",
        "si}QAq3\"\\",
        "]1\":P",
        "c=N^v",
        "zGQ-+S",
        "nan(snan)",
        "mky6<%",
        "f1Nrl",
        "http://www.microsoft.com0",
        "S1I-}",
        "qUEvng",
        "ta-in",
        "hJD<Y",
        "V^C0;<,",
        ";[HJgoQ\\",
        "Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l",
        "~$LQOB",
        "cmsJ-",
        "323S3",
        "t:`eQ",
        "fi-fi",
        "lOe_@",
        "NIpc/",
        "w!U9QD",
        "AwZaMK",
        "[Uh|B",
        "Failed to preload libraries.",
        "pypp*8",
        "zeRTj",
        "F A>\\",
        "R~#6@R",
        "nC$dF",
        "T#`#I",
        "Q+2g\"",
        "4v;k]9",
        "1\"sBwF",
        "9mt5^>Oin",
        "noCleanUp",
        "1+w,~",
        "4h1q'",
        ",EMa5",
        "K\\;%3[a",
        "wPnsF",
        "K.VEd",
        "8t[bc",
        "OR<X=3",
        "V2'aIM ",
        "\\dd_%s_decompression_log.txt",
        "kx{x+",
        "--&[tqw",
        "},Eex",
        "3Hw4m",
        "6{NYU",
        "';gaM",
        "Ath>}m",
        "eZ\\TF6",
        "VTA5c",
        "zxm<Q/",
        ";XoFb",
        "dMF}k",
        "W;8t,",
        "u_f[:",
        ",f}E]",
        " !a)%",
        "05e655;0",
        "fl#tg",
        "ar-eg",
        ";?$:B",
        "&BB>lu ",
        "5e8c.",
        "^.,KO",
        "S@yT?cD",
        "T:?iGh",
        "V!8@Z}C",
        "+jr\\b",
        "hX?K4`",
        "=G2HJ",
        "4#qN^",
        "aw#$[",
        "7$U4 Q",
        "-4|\\A",
        "en-TT",
        "#p`=Y",
        "Wy'2X",
        "U^T<+",
        "R*`r=\\",
        "g:FgR",
        "}SJn,",
        "kMWxd",
        ",vWV.l]",
        "(sG;M",
        "&&I8l",
        "=Y]FH",
        "ur-pk",
        "V4\"3p",
        "aN)l3",
        "=u9feh ",
        "S`tEyq",
        "W/\\k{,",
        "B3E#c",
        " !1}`",
        "K;$v:",
        "`^j\".",
        "r8z<>",
        "kVlQW",
        "4HVw]",
        "Yz*h!",
        "5s@8?U",
        " new[]",
        "qcRfT|",
        "wYFOU",
        "hz+_t",
        "UB#Dt",
        "*n0?J",
        ";;i `",
        ",@8Yh",
        "!.K7?]",
        "xl@z@l",
        "4v'4>",
        "[qoyS",
        "Y}^CMtX$L",
        "+,WiY",
        "u.zl+c",
        "F<vC]",
        "v_!t\"O",
        "CP;{D|",
        "viz*/Q",
        "`b!dN,",
        "Failed to select the user-specified directory for extraction",
        "Qki|p",
        "{uU^\"s|",
        "_e/l#d",
        "t=<,w",
        "QwDQ7-",
        "[9[p9",
        "[|zjA6",
        "Q:ijr",
        "u\"X:@",
        ",`3q$",
        "oI1=3Q",
        "\\2-7nm",
        "Uk':%",
        "Gmjpf",
        "`iR(u",
        "Oy\\Uf-",
        "pB1<y",
        "/<K{4",
        ")uISZc",
        "eGcze",
        "==Bui",
        "83:9D",
        "a2|nd",
        "VhH4W'",
        "!V,xwj",
        ".72-z3",
        "&UPc+v",
        ";1N, ",
        "3P4+525_5f5",
        "InitializeConditionVariable",
        ".XwBx",
        ": jCP",
        "=$=,=4=<=D=L=d=p=x=",
        "\"u: <",
        "]T_W{+",
        "?M~[J",
        "zTO5MI",
        "x:N|*",
        "P6{:*",
        "'P>I$9",
        "2#3P3g3~3",
        "Vl^:?",
        "c8EKN",
        "eE*-;",
        "54KvJX`",
        "h(0:u",
        "H'PpQ",
        "O^2OP",
        "R\\d.g",
        "4z(#U:t7",
        "lKERNEL32.DLL",
        "kk^5&wlI",
        "|B4EN",
        "BCryptFinishHash",
        "DY0x{",
        "a&5gi",
        ";/gmbe",
        "?_d1.4",
        "m~Xnoa",
        "TXTjP",
        "CQZdV",
        ".text$mn",
        "KWhC5",
        "|Ab.Li",
        "because it was unable to create it in the folder. Please make",
        "|1}JO",
        "VCzrv",
        ")@c<bC",
        "pkScR",
        "0Pu8~z",
        ">C*UV",
        "cFJ :~",
        "SP;+2",
        "*69pU",
        "]'FVx",
        "Ub RJ",
        "6R6V6a6m6",
        "2N'bPtAbfm",
        "# x(YX",
        "kPZiB",
        "pMxh*vy",
        "k<}ctcj",
        "UJBQ)&",
        "-AG|A3m",
        "7=<qaBw$",
        ")/Tu=",
        "pcE<K",
        "|1:61",
        "Vx`Uk",
        "=/PI+T",
        "g'[*A",
        "mS[/BB",
        "~PaO6-p",
        "u^g^3",
        "89\"Me!#u7",
        "La@G w",
        "ib)79",
        "%tt1<",
        "JKq8s",
        "UOULT",
        "CA[\\I",
        "m0#N7R(K",
        "{PVpw",
        "T(=&!",
        "F\\g'f",
        ">7g#Vto",
        "*t`=+",
        "{%)&g|",
        "?.i8S",
        "h/K.@",
        "zW>!M",
        "\"3,-o;L",
        "h!qbK",
        "[&NT=",
        "\\-az!",
        "toiu\"",
        "W6}fm",
        "l:>)-",
        "+bGw)p/C",
        "4h^4p",
        "j$EkF",
        "r5\"[F",
        "L7?a9",
        "*f,reh",
        "P4ai0",
        "})pC&[e",
        "UVT'V",
        "WE|'q",
        "`9>L}I",
        "nl-NL",
        "[0lk.",
        "M<?Ve",
        "/b0|>",
        ":Z6~K",
        "#^{Gr",
        "gulK#",
        "=~/an",
        "Okmg3O",
        ".3I$l",
        "D$$wtva<",
        "| 8&T\"",
        "j[QH4",
        "$m,Opa",
        "G>~91",
        "Hnv=H",
        "')~>$",
        "R%EdDzW",
        "mj 0 ",
        "HV,{k",
        "k>z^\\",
        "}*BWh",
        "x1k0!",
        "h9E|+",
        "XTnmI",
        "N0LX[",
        "*/X/U",
        "*KG=&s",
        "es-cl",
        "r]t15:",
        "0yDy\"",
        "J)-r~",
        "=2&u*4",
        "XAd;) ",
        "++Irt",
        "r_si9",
        "*>S;'",
        ")+^U`",
        "CNb,u",
        "jkDE4",
        "1Vy^@",
        "|8h6I|",
        "Qs4>o",
        "&sC%GJ",
        "9<6i9s",
        "> \\y<",
        "ZCI I",
        "X3MCm",
        "|PUxS",
        "lBq`][I",
        "f4LjK",
        "\\NX~-",
        "FT\"?b",
        "ZL1el",
        "A:Gx'",
        "maC*n",
        "T~! O_",
        "`g(HY",
        "vr~.[6",
        "hqe_YV",
        "es-PR",
        "N(\\,Y",
        "u*xz<)M",
        "L=^o_",
        "%C1'V`",
        "=%=.=9=@=`=f=l=r=x=~=",
        "Y> #%:",
        "Failed to concatenate the formatted byte to the random string",
        "BQaVjY",
        "]6\"fF",
        "tb4k:",
        "\"J@){^",
        "6-)@P%",
        "A9k}_",
        "x.x)3",
        "q=|BW",
        "3U,;1r^SS",
        "nxZ=%",
        "zoBXe",
        "`1?un",
        "&dAjj",
        "9gvAk",
        "N%vF-",
        "0}bPh",
        "n%m;0*",
        "4eoo6]",
        "D<`ms",
        " --env ",
        "9Pt-I",
        "XMI$o",
        "V=IMC",
        "q%\\T2",
        "{_Poy",
        "gLd1M",
        "qMdy)",
        "!$(Dy",
        "+1zm)>",
        "\"B <1=",
        "1O2a2t2",
        "gQ0>A",
        "VQ!uT",
        "+Ssx(",
        "^F7\\?",
        "'69#z",
        ":yPRL",
        "|Yb]]",
        "9x'>b:",
        "a]6wi",
        "@CaQX",
        "X=@YCq",
        "q?9J+",
        "81/#{",
        "e>|Y=",
        "tcy,n",
        "?u<P>",
        "-XJH,",
        "VirtualProtect",
        "_Mx'l",
        "5RAaZ",
        "YS!ZJ",
        "1 5_.",
        "\"1+xH",
        "`5jp+T",
        "FeTHl",
        "]~+a?s",
        "!RUE'",
        "xj`9>wG",
        "gK(#V%",
        "4&*cW),",
        "u8 sR",
        "ru~`cU",
        "rnwQu.",
        "(l^uR",
        "jdvfy",
        "NXf0]1",
        "zZShpn",
        "+Ut3&",
        "6yv(rr",
        "v3<$w",
        "9MSST",
        "u}HrH",
        "[o\">J",
        "tdBv?",
        "sKqVD",
        "q1\\Ree",
        "?|]1S ",
        ";|L*|w",
        ".z5mm",
        "M,@%>",
        "'w(EK",
        "uSF}i",
        "+JXY+",
        "5OIX\"",
        "j@0>/",
        "cK`%k",
        "s4l{Bx",
        "J9}\"(-",
        "vVsCg",
        "</=]=x=",
        "_}~=ve",
        "!This program cannot be run in DOS mode.",
        "Tuesday",
        "K/R]d",
        "]es-f",
        "hi2i&P",
        "Z5ov,R[",
        "k]r~s>",
        "Jy!{u",
        "Y(qX-",
        "-m,}+",
        "5}+u!",
        "%#g;n",
        ":j#xK-",
        "yv0zO",
        "L8i4oo'",
        "pIy(bbs",
        ",l'2qQ5",
        "$?oRh",
        "~-!onuU",
        "t:Y&es;",
        "ka-ge",
        "yg99w",
        "oS[/U",
        "KW#YZh",
        "Vw_cJi",
        "iD+_,/",
        "TMz=$",
        "5VS'%",
        "$V7Fg/",
        "|bg^!x",
        "Q&|/Ob[e",
        "KNtg11",
        "VAp+Y`",
        "%<G?jP",
        "\"}Fc^",
        "miHUV",
        ";8C|?o",
        "zbmke6",
        "2%Rmu",
        "v..Ibr",
        ">IU9r\"8+",
        "3Rg=!",
        "dnYuqZz",
        "ud_^[",
        "tXkFk",
        "k*,b{",
        "Xl<%rJ",
        "V7$n  ",
        "DdQ)%",
        "*(9G%+",
        "Ph%1}y",
        "Sd\\E_",
        "-WIwB",
        "5g~ag",
        "N\\H8vL",
        "abi!S",
        ",W.CyV",
        "@z5y7",
        "orO=z",
        "?`}xt",
        "#AY s}",
        "k>j9P",
        "c7Amz",
        "f0h\")",
        "gC,gH",
        "Wi)M=",
        "+IIX g}=E",
        "?6?C?s?",
        "PgH1K%1",
        "2G^\"k",
        "J?o>dA",
        "*xKSFb",
        "`omni callsig'",
        "i=iT<",
        "P*\\_fCo",
        "%FJdW",
        "\"<ZT6.",
        "W3,33",
        "7<e.+{i",
        "y!Wzm-",
        ")<}F{!",
        "%N/yV",
        ")q-M<",
        "~SM`(",
        "w#jlV",
        "CrA?v",
        "d]FLu",
        "]rf7r",
        ",*3Ll1",
        "}'8?)",
        "+2-!e",
        "v<7y~",
        "^yp\\s",
        "}4{D&",
        "qM(;f",
        "7E#TW",
        "uV\\ N",
        "ltRgd9",
        "\\`G!Q",
        "j~vaj.U",
        "kGq6>M",
        "mscoree.dll",
        "F*nL9",
        "$GeUp",
        "Y-%O j-",
        "SiV!\"",
        "=qpXO",
        "^$Qfa+,",
        "q2HPG",
        "GjX:8",
        ".w0cl",
        "y/X4A",
        "&!r2\"",
        ",G*<c",
        "Ylr@Kh",
        "9:Ne_",
        "zDAA:",
        "as.,k{n?,",
        "JH,_`",
        "~\"n6ZF",
        "474Z4c4v4|4",
        "`NcdF",
        "ajphP",
        "0F\\T4",
        "yBz-|",
        "$?w1d",
        "\\tmse",
        "I=.Fd",
        "Ji[.{",
        "f,X!F",
        "LR+N.",
        "B`0_l",
        "DsB+,",
        "GFSv>",
        "X2}3\\",
        "#6<40<",
        "j3`B_D",
        "5%|K6",
        "Yo+@9",
        "ktQcE",
        "|[Q\"!",
        "LoadLibraryExW",
        "cge.I",
        "L(.wV]",
        "%* 50x",
        "$+I\"K",
        "EE&if",
        "@y8_de",
        "I{ojRA",
        "P2k2'",
        "D{Y%@",
        "I:Gb4tv",
        "Sj8-'",
        "6|g'f",
        "{5wQ_[",
        "KdONZ",
        "e9lA\"",
        "sY\"id",
        " )8=)x",
        "aAy,U",
        "pldZI{",
        "ns-za",
        "0Qh'[",
        "nl-be",
        "6lMPBe{%p",
        "B$n;D",
        "}on0]7",
        "*pui:",
        "#\\+7jd",
        "\"/qo0",
        "4:eqm",
        "<RGhd",
        "Ce['{",
        "be-by",
        "_\"B3f",
        "lzH!7",
        "O{.=h9]",
        "sr-sp-cyrl",
        ")+R|2",
        "k&Y\\a`",
        "qeS\\E/",
        "@xeb|e",
        ";td}{",
        "F#!zj",
        "</=b=",
        "oF9ek",
        "[+SI<",
        "?);'.",
        "qAG:sUd",
        "\\P_e<}",
        "en-ph",
        "CryptReleaseContext",
        "B`LdH",
        "I,9gv|",
        "CY*^2",
        "vkRP>",
        "ej{60 p",
        "tn-za",
        "0c6Dkz",
        "tUpgC",
        "]S{af",
        "-N&G_pW",
        "aa;-u",
        "TuOaU`",
        "wivXI~_H$",
        "i-2!5",
        "}'R9D",
        "a2yU(PlE*x",
        ";Sv~eT",
        "pt-PT",
        "38q9 K",
        "~P6D.",
        "Gs}&y",
        "es-py",
        ":y|u2",
        "%')\"!;L",
        "T9(-^",
        ";~.kB0;$kbB",
        "\\WHhM",
        "8P\"VE`",
        "VNTex",
        "{$=R,",
        "wlV}ak",
        "PAkSm",
        "?&>rH\\",
        "[FnC,",
        "e&E@J",
        "@7)' \\",
        "|`r6w",
        "Hlx[K",
        "H{1#f",
        "LjB|o",
        "6+Ku,C",
        "Xmc}N",
        "c?i&o",
        "6y\"P4",
        ":Bc e",
        "9_QWqL ",
        "YP~?`",
        "=\\T^\".Ud",
        "1JSec",
        "V%mKi|",
        "'\\;M,b)",
        "SDHF2)^F",
        "b!QjW8<",
        "menx\\Dr",
        "m-Uq+",
        "DHY>Z",
        "Sf)>4",
        "Q3zoz",
        "Z``(J",
        "9{D~P",
        "u+=H ",
        "QRZ6Q",
        "x/rS\\",
        ")WjET",
        "PWT$e",
        "N9Y=5",
        ">>!}Qh",
        ".*(Yo",
        "4;9#TEy`",
        "yV]d_",
        "]6NE@",
        " WcqEI",
        "ahfN/",
        "70787@7L7l7x7",
        "kRRes",
        "2,282X2d2",
        "o&l@h",
        ")~}Io}4;/. ",
        "Z0qE|",
        "/d&0kUN",
        "v8|/*",
        ")'EVWm}V%:",
        "Q#HI?",
        "nT1`<",
        "26h;,~",
        "Failed to get the directory control",
        "RPCRT4.dll",
        "7_ 1e",
        "d=yoc4",
        "2B^IB",
        "%0|p=|S9*",
        "\\+I.5",
        "W:\"v&",
        "4{$~L",
        "]~#<e",
        ":(2\"z",
        "9O=<`",
        "DtIbW",
        "jme:N",
        ".vvP'",
        ")xBGX",
        "es-MX",
        "CG}Fi_",
        "djlEKA",
        ":}ps:C",
        "kzNkG!",
        "/z.$kt",
        "yfpONAt",
        "EpJl+",
        "S}4[)+\\Th",
        "*LWf/",
        "c3Zsg",
        "K*t^x",
        "ow!M<",
        "+_ ~}|",
        "EW5i@",
        "uR\"u|",
        "F `6r",
        "Jb620YR",
        "Bl5W,",
        "Syb<a",
        "#in6T",
        "wl8r^",
        "+)tXc",
        "/`4=EFw",
        "<EsA-",
        "R*BKQ",
        "9j/SC",
        "tq#YT",
        "E&1tu/",
        "%-*cb",
        "#Sw6y",
        "#{JIe",
        "Z$c<-",
        "VS]0!",
        "'x@D%",
        "3<DC4g",
        "oSX_]",
        "-m5/T",
        "{A;B=",
        "]/Zn;",
        "mr-IN",
        "`.KmWJ`",
        "G@(]Q",
        "T}u\"%",
        "vac{@Da",
        "tSS6dG",
        "i=[>3J5t",
        "{tQ:x#ra",
        "t(N>@<l",
        "A=HO{",
        "\"w]g7",
        "#fP~P",
        "1 1(10181@1H1P1X1`1h1p1x1",
        "f_Kw`",
        "u Gx7",
        "]zoxF",
        "IX!+C",
        "b9-/t",
        "x)5*Vm",
        "8S`,l",
        "\\5swG`",
        "fqTmO<NoN",
        "U0S0Q",
        "+c:Q7",
        "l4'27",
        "Failed to select temporary directory for extraction",
        "K;5|<ub",
        ">Z\"aK",
        "W3A5]",
        "d,zD6",
        "o!E@y",
        "{kc|S",
        "icg?:",
        "e2f0?)",
        "%(_T|",
        "0!r50f",
        "LgF8d",
        "en-ie",
        "y)8n|jr",
        "?o>X7",
        "V[^ 4",
        "W\"N?|",
        "@e5e$",
        "f/6kmC",
        "=Cqr}",
        "~n$<J",
        "CE0)~",
        "<Y),k",
        "])0qF)",
        "q7(m ",
        "]dmY9",
        "LDm5_ge6",
        "3*W-N{n",
        "g=!Gni",
        ":xjGYv",
        "^4)ywN",
        "t5hMq",
        "7Box5}",
        "`placement delete closure'",
        "sr-ba-latn",
        "mdx)e",
        "%1$#`",
        "R[v b",
        "MSr+0",
        "T+rs:",
        "|-tdD",
        "Am1<^",
        "]L:A\\",
        "xV<WR^",
        "1alFY",
        "_DGrunx",
        "#F2*z*",
        "%EF5X",
        "?vU{x|;",
        "r0[E;",
        "8ph~(",
        "BiRB~~]",
        "6c9M@>[",
        ",V{J|.",
        "8Gk ^",
        "Hrc%i?",
        "E}xMP<",
        "ncN~)",
        "5Rh\"gD)U",
        "IJ-\\:x\\t",
        ",5hEZ",
        "#n@7~",
        " 7*'~",
        " DS2>",
        " w>2L5",
        "Jk Q~",
        "9n&py",
        "1M)7v",
        " jZFY)",
        "k_5UT",
        "T(vJg",
        "*])\\+",
        ">Mi#+",
        "C&{D4",
        "ek.Wr",
        "p\\nG<",
        "Z#&o]",
        "{}#z5",
        "vgU`fM",
        "$NuvY9",
        "ndTu5",
        "SendMessageW",
        "sjh2!",
        "iq4ib:",
        "M8m]A",
        "]lMye",
        "viBnU",
        "7;8uuW\"",
        "x!-n%",
        "~z\\s*",
        "F.Bjt",
        "-@w-sA",
        "}[MPv*",
        "i,bV;K",
        ".bk;T",
        "};sL5",
        "q\"46]t",
        "m3So`",
        "n Z7R",
        "RL~vHT2D",
        "To=0q ",
        "e8xVVaoun",
        "h/z+`;",
        "!OoUT",
        "5|S(PG`stEH",
        "LCMapStringW",
        "kP}%y",
        "D9zHb",
        "/B:2XX",
        "}]V ,",
        "!0h|qW2",
        "8cUh*D",
        ";n>W{2L",
        "KD|8AZ~",
        "Pgn4f]Z>",
        "p}kwv",
        "lZTjF",
        "z@N8A",
        "9Ansv",
        "1t,b9Q",
        "1N:noy",
        "oV!~K",
        "9{IVQ/eLh",
        "iSTGSF",
        ";Lk^6",
        ".$Cb<I-",
        "Jwn7h",
        "m2pc5",
        "<Jqc2",
        "=$fN)",
        "SetFileAttributesW",
        "ZyVz`'",
        "H&c2e",
        "}9j)Mb",
        "w@'L4",
        "g%`I\"k",
        "\"AwD!",
        "nnpwt",
        "T+^9,>",
        "yP5_+",
        "VC)Bc",
        "1ldK,",
        "o)V4m",
        "BVCnz",
        "6&[K|",
        "P!1N9g",
        "&XNn* e",
        "U`~{'",
        "VD6+/",
        "N^'7E^O}T",
        "2+&H;",
        "w>ZC4gF",
        "9_CJ{LwZO",
        "bYoh`",
        "=\"}h(",
        "y-_q4",
        "vd_2!",
        " NC}rtCD",
        "Aoo$sh",
        "h.A$xks(",
        "fo>Am3",
        "`,J9)y",
        "Lh[Yl",
        "BEA6|vIR",
        "CompanyName",
        "e~^%Z",
        "Bmm}Q",
        "\\i[\"%",
        "()]\"K",
        "7>1:;K}",
        "|X 7[",
        "jFGCeP",
        "`{4LdT",
        "xR%~Jv",
        "3:m.]",
        "zh(T\\*}!",
        "r]c=s",
        "JWmda",
        "<E4Hy",
        "H{LpeH2",
        ",A y&",
        "4~+mD",
        "f$Md}",
        "vnDw(",
        "6%Gho",
        " 8TC|",
        "j'yVr[",
        ",:D&|C",
        "}ni4\\",
        "N743l",
        "cFl9LEm@}",
        "^L_^[]",
        "`vector vbase constructor iterator'",
        "Na -~",
        "RdM5-6W",
        "_ognm",
        "DlnOA",
        "Uy^\\:)",
        "JG|>1",
        "D'cxo|1",
        "is7tI-/:",
        "42#'W~n{",
        "(.D3s",
        "g}moK",
        "2l[X~",
        "#?/_M1",
        "ikU;.(64",
        "&!X+`",
        "=~eSi'",
        "Gmb,M",
        "K/B^v",
        "9d<o__",
        "A9XsWKL",
        "91$fH",
        "bTJMZ",
        ".8&x5",
        "FD/]k",
        "x[ebE4Ix",
        "95c}Vp",
        "27~|*",
        "X.%q<\"",
        "Z2 4t",
        "HIpRo",
        "cV$M!^",
        "W_[o8",
        "1h(UZl*",
        "-p_47",
        "[pb7`$",
        "CompareStringW",
        "Dr:iz",
        "kUt/oj",
        "yP*N#",
        "[W(sr",
        "LR+6^",
        "\\IXPAG",
        "(X2}I",
        "B\\Y(?",
        "g/zs$%",
        "|*_5o",
        ".=495",
        "<'{<u",
        "787^7k8",
        "6#6D6T6\\6a6l6",
        "*{U[(",
        "+YCK~",
        "qQCx'{",
        "InitializeCriticalSectionEx",
        "Extracting file: %ws",
        "E&Fz#w",
        "Dn'/:",
        "Q['\\{",
        "DSQpsb",
        ";Gzs2",
        "3oNAd",
        "a;9L2",
        "&M!dXa!",
        "JwR/o",
        "dz7n-Yj",
        "4h_ML",
        ",/0SfTY",
        "{KOmM",
        "TejdU",
        "<G9Lu",
        "hVUMm\\",
        "R0P0N",
        "_W-\"s",
        ":0;A;",
        "!y\"=kH",
        "UBkE%3",
        "gHF\\[u",
        "?~97|",
        "q^]i;",
        "0(Yk`",
        ">^bx`",
        "Ea\\B&",
        "kMykg4",
        "v!Am<",
        "pnmw8",
        "?np?;is",
        ";0ZQ/Z",
        "f{y%G",
        "%p=;/,",
        ":j}2G/",
        "%z?xy",
        "~YQuY",
        "|bE(n;Y",
        "4u td,d",
        "9W`'r",
        "lC|i]",
        "&;%YO",
        "KH@o,",
        "e[\"CQjf",
        "98mJc^AA",
        "k|i>q",
        "?=G^<",
        "Os48?>",
        "rq>=)O",
        "5p^8[i",
        "!%*y\"",
        "Dn-EFu",
        "KMI)!",
        "t'T ;",
        "9`Y9bR=",
        "f~e]I",
        "3.2*+",
        "~b_r>",
        "&.c0^\\",
        "l4XP(v",
        "0W5u$x",
        ":5\\Ln",
        "SZC0W",
        "G7KkE/",
        "<,(;}7",
        "_pRdg%",
        "U!7#[xOjo",
        "V2C!M",
        "Oj~a+",
        "rFFkAq]}",
        "9wWKE2",
        "*lJ$1",
        "V>#!pgb",
        "x{>4E",
        "&&!-\\>",
        "8U]_f",
        "*2Hr:",
        "#oc]Xw",
        "K=i;9",
        "Q2*~k1",
        "b+zul",
        "t',4K",
        "Lu/)&",
        "[N*dw~5",
        "W/\"ea",
        "jI5>7R",
        "+<t..",
        "Mx%z*o/",
        "9$909T9\\9d9l9t9|9",
        "4(zNY",
        "Ef*2D",
        "BCryptCloseAlgorithmProvider",
        "I(?l6.",
        "dHB0+",
        "G@+I!3",
        "NG5']",
        "XJ<lw",
        "k0?u]X0",
        "cy-gb",
        "Ub\"bJ",
        "5>]\\f",
        "-:q{6",
        ",TT2<",
        "4ChS:is",
        "2E$\\E",
        "GOH8i1g",
        "  Y{@@",
        "cC<#~AI",
        "^>\\c\"",
        "yA({@`So",
        "(S$L@",
        "Df64n",
        "WU;Wi",
        "|$cJ8",
        "Thursday",
        "l><T~'!",
        "Z?T[v_",
        "\"(\\\"t",
        "PzPJ)",
        "?8-o^",
        "NOx'o",
        "En+/Y",
        "CHCtg",
        "^Fyp&",
        "t<\\='",
        "k$jTs",
        ";t)H@",
        "Y(;E\"lY",
        "Mov!{",
        "35~Lg",
        "J>++%",
        "!%mZZ",
        "A([lBD",
        "Kc01%Q",
        ":9aB[",
        "(nO9:h ",
        "FoaHF",
        "]7bHk",
        "8Sq'h",
        "JA49%Rp",
        "6.Sn!Dwn",
        "V*Ba*",
        "W]N\"?",
        "#@9yE",
        "k~R\"1",
        "_f<[%(",
        "%rO0vY.",
        " ].)Q",
        "bdp] /",
        ".'Zeb",
        ",!B8{",
        "7MO@j",
        "|j&3)",
        "|3Zs,L",
        "ZO]mR",
        "E.XV\\",
        "R`I\"Wz,",
        "x*G?\\}",
        "*<dbG",
        "8``ii4",
        "8A9N9k9}:",
        "7E5@TZ",
        "!byD!",
        "j=S5gb{",
        "_g@Y3",
        "nv,0'",
        "t8/A\\",
        "5L4zh0",
        "i.+V1",
        "1:Mo-0",
        "tda\\P",
        "kaRA0",
        "3,>S<nkq",
        "m5X'w",
        "BM~b4mRu",
        "MzM.Ak",
        "tS+7r",
        "Gp%P>",
        "-k[41wgU#",
        "zkB[p",
        "x,,y3Q",
        "\\<o=+",
        "g/+y\\",
        ".Ca9$",
        "?{U9P",
        "e5qZ9KJ",
        "Ek;;n",
        "mpctKa",
        "zh-cn",
        ":02NDf",
        "fb7Aa",
        "VOZ}wvRh",
        ":FCS2",
        "j{N'S",
        "#Gagw`P",
        "}uGc^",
        "hsqpe",
        "dKE_!",
        "ScUHt",
        "8^~>?",
        "q%]Hb",
        ",txmJw",
        "6+nh7:",
        "@~#!C",
        "'K<nN",
        "c5HF\\\\QSA4",
        "R,s~R",
        "HE?\\5C ",
        "u0l%^G",
        ">6?l?",
        "*0JV~_",
        "9_-U<G",
        "QB1K|",
        "eOE{[",
        "4f{:E",
        "uspmA",
        "KuF2&",
        "UuidCreate",
        "Xl|Da^qd[",
        "fU*xk",
        "CoInitializeEx",
        "5BwlW",
        "QMf#Q",
        "[n>2{",
        "RT5Yq",
        "I8?8L",
        "]03Hl",
        "Pb\\u5",
        "=J'qa",
        "M$5US]",
        "^LDML",
        "^Vk9}",
        "*`3.z6a",
        "s=-:6",
        "R< fa",
        "L;K!x",
        "df\"{6!6",
        "a]gno",
        ")LZ+3",
        ")uGfv",
        "Y<V#/",
        "yq5(W",
        "{zNJ7=",
        "5[\"Tl",
        "zRNR&,J",
        "-O8\":",
        "3o#kMe",
        "f?[hD",
        "NAf[T9Dp,",
        "heIM2",
        "fb62f",
        "*]+(3",
        "slLj4",
        "Mr/*C'N<",
        "m3{*|",
        "(L[ev/@",
        "WGi5j",
        "2;2q2",
        "LNX0gkf",
        "*EMnEA",
        "4MCT;",
        "ar-KW",
        "t\"?UB",
        "r`w/h",
        "92m%u",
        "y~D..",
        "]j6!x",
        "}3ty9]",
        "`\"8dA",
        "bY\\Y6",
        "OBzT]",
        "{LQV},",
        "]huh(",
        "?_F9E",
        "`default constructor closure'",
        "&}'}J",
        "<96q+L7",
        "c$U\"%",
        "i);XH",
        "MFf]R",
        "%e=4O+yz",
        "gW$06",
        "GeisP",
        "7isLw",
        "@bd[@",
        "?5Wg4p",
        ")9):w",
        "Hhm%C",
        "SH3\"&",
        "zCeCX5.",
        "aNh D",
        "#zln=",
        ")[(UO",
        "`+G]D",
        "ah:X:F",
        "$F7o6",
        ":t=Hbv",
        "vC?-K`",
        "!)XxV",
        "w5\"VK9=",
        "b#%S ",
        "$Ccr.",
        "rYh%k{",
        "A\"^S\\",
        "1N+(w",
        "9|+T\\U",
        "^o1Ke",
        "vABUV",
        "iR^Y3",
        "YfM7Hy;",
        "}8TAy",
        "qFM]'",
        "#f%Xb9:",
        "Failed to open container.",
        "TB`K)z",
        "7C}V;e",
        "ae')-",
        "; ;0;@;P;`;p;",
        "P@s_kf",
        "(;y r",
        "s%Kj,8",
        "ycH~l",
        "'F;Qo",
        "=N5mM(",
        "a!{'q*(=",
        "VDtz?-",
        "<&<-<4<;<c<~<",
        "nf^EN:",
        "OFSUX",
        "\\V@L(m",
        "ch!)A/",
        "fi2x]fb",
        "b7OqH",
        "1Kmn:[",
        "bD)co",
        "RtjEb",
        " `<v~",
        "LELiN",
        ",MiGEvS",
        "8t>NIh",
        "+_(9]",
        "-Dvpk",
        "mNT?J",
        "` :o*",
        "68|tO&!w",
        "J4Ked#_*5h+",
        "5_G/:",
        "-yb`e",
        "ES9%;",
        "fn?ed?",
        ";\"<L<d<",
        "M(j]G",
        "4V:S*",
        "bb9]}",
        " H-t2",
        "2r|V`6",
        "mgj_(]S9",
        "Se&:]",
        "EnterCriticalSection",
        "Jf1T;",
        "u3oxo",
        "SO=C4",
        "'Gj==",
        "C=/R>a6",
        "5hC+%",
        "w3wii",
        "[-$\\!",
        ";kl5F+g",
        "tybO5",
        "se-NO",
        "JOT |q{",
        "G$4NA",
        "nd(_l",
        "Od6[~",
        "uZZ6&",
        "CQ\"[M",
        "[+cobT",
        "E}HM3",
        "@T[UA",
        "O'R(t",
        "+WG[N",
        "X\\l=\\;",
        "'Dp|k[+",
        "#3brMt\"|",
        "^\"6!\"iD",
        "MQY%%*",
        "cgTXKrb",
        "]e)$S",
        "Failed to ensure path is backslash terminated.",
        "#&rTJ",
        "*LLT.",
        " `!.{^",
        "BIZC{",
        ">H8?U[",
        "pD\"eh",
        "RtlUnwind",
        "Q<0q'",
        "R<45&",
        "+;S_OG",
        "{9Q|0a1",
        "ru@@r",
        "v+}#H",
        "kA;T\"",
        ".c^@~",
        "PiQ^mps&",
        "2D*qr",
        "/!;(k",
        "|(eX4",
        "'63$!",
        " \\^>Z",
        "<$Ek,",
        "/i>T7O",
        "Fz&Z,",
        "QqXaG",
        "8u`~vD",
        "bk g\\",
        "\\i7eb",
        "2>qf{I",
        "S6+&0",
        "aUM]3",
        "}\\QD2",
        "?%FEd",
        "8ne'6`",
        "{&J}*",
        "r>_A ",
        "Y8CK$",
        "bt%\\l",
        "b8|.3",
        "Z8eBj8O",
        "20260611075249Z",
        "b--WGh",
        "_t&~L",
        "SygN{",
        "<E#6]w",
        "5@pFJ",
        "vx=*)P",
        "NP{lxyF",
        "Cl'K,|y",
        "3YA.^e",
        " 5%{eq",
        "o5+jy%P",
        "2I`q]u",
        "CloseHandle",
        "J~Ncm",
        "NlX=!",
        "+l:]c",
        "?R[SI_Ud-P",
        "DYcuX",
        "_U|i<",
        "abcdefghijklmnopqrstuvwxyz",
        "<n..g",
        "WER>U",
        "S226u",
        "(@,#[",
        "5G5dUU`X)",
        "YC]u!",
        "Cg!2bH0",
        "W[\\'Z",
        "sf6aqO",
        "l,ep>",
        "4vN47",
        ")!<}T",
        "Sh|6lv\\",
        "q1`R,",
        "n[oF^M",
        "*f#Ka",
        "<F&[[",
        " Base Class Array'",
        "+|EKS",
        "9#9/9t9",
        "'&1'J",
        "U}m\\|%",
        "phN7`",
        "J~{<MB",
        "dTEmo",
        "0 0$0",
        "^,xzJl\".",
        "&2i_2",
        "ZQxeGy",
        "7A%\\W7",
        " cZUj",
        "02Cr@K",
        "zd|eFO",
        "]93 Q",
        "^C$-p'",
        "(2E^,",
        "Ypu|{",
        "O%*3V",
        "vA=Y#",
        "zW`!W",
        "?7?k?",
        "USER32.dll",
        "_W$<(",
        "vLXQ#",
        "Bsrf>",
        "iLH:w",
        "SZa2GT",
        "JqtMo",
        "G*6yK",
        "{cT7eC",
        "6(6H6P6X6d6",
        "4=NOFU",
        "hwf|o",
        "yZdBB",
        "JwVWZ",
        "-#,us",
        "#hT:83",
        "2b5A&'m4g",
        "or.C/",
        "&7hEL",
        "n;ZY1",
        "e{m<!;y",
        "#Cuw@",
        "ttkb]~",
        "ZrUR\"",
        "9\\I':A",
        "-[62R!",
        "fE0\\X4",
        "tQpl/",
        "~M<z\"",
        "~_%mrI",
        "k(o|ko",
        "NdO,Fib",
        ";U\"D'i.W.",
        "n3zUv",
        "P}6uOo1",
        ")]Kg3V",
        ",VEU2Y",
        "A2v]O",
        "N4*JL",
        "|ngP{",
        "W&}ei",
        "nhjap",
        "SetFileTime",
        "i?qmk3d",
        "<ZxSEy",
        ";xJVv",
        ";]R4u",
        "Np^E5S7:",
        "Ckz16w",
        "q(jxC",
        "#%T?{Xs",
        "5f1Py",
        "9=7ug ",
        "e=;1\"",
        ">UUH,",
        "ybg7Q",
        "uuJis`h9",
        "&`]}Z",
        "%+)0p",
        "OE.\"D",
        "|^:P!",
        ".,oR+",
        "mi-NZ",
        "AD5<r\\",
        "[3lW_",
        "x6q[F",
        "_K%7n",
        "ye,3mv",
        "gK.\"rp",
        "wczGA",
        "QL&]f",
        "d/&+R",
        "XR_+qK58|",
        "fi-FI",
        "313F3R3X3m3",
        " #{|@\"",
        "#d,F7",
        "6C'Lk",
        "v\\D,C",
        "programArgs:",
        "^Yo02",
        "2-;7N",
        ".:^8#",
        "oKz)f",
        ".cd`F",
        "s;m,Au",
        "emd^y",
        "jyMWb",
        "{#%GU",
        "#Qa?|",
        "nG)w.V",
        "IXF!G",
        "G#pd(",
        "Wat]yx",
        "@G=HMX",
        "(||-H",
        "`(OO{",
        "Wtfs|m",
        "Xfxwg",
        "\"6%O_2L",
        "FhU!TT",
        "h91U?",
        "?[fz%!",
        ":w/sF",
        "5'f\"xd",
        "WV6H?",
        "MJG#$|",
        "N+[[7",
        "fSn`d",
        "TJ{ix1",
        "Wny?3R9",
        "~yb#b",
        "x`BOW",
        "B<szhm[",
        ",r6)/",
        "xHpDj(Ohq",
        "|O$<6",
        "K5JLe#(z#",
        "N)sNb",
        "7'7/7",
        "2Fb089",
        "]\"D;Pg",
        "`K#M ",
        "~5WtZ",
        "`\"3L';0",
        "VQ9 o",
        "Wf.VC",
        "kG<_^q",
        "O9oGg",
        "1(lROS",
        "G<E5C",
        "EoFC-|",
        "y^O Fk",
        "&'brx",
        "&)qBF",
        "ruOf*U",
        "D\\e3k",
        "<L[I\"",
        "}/(T7",
        "g$&03",
        "OrY~pOu",
        "G4G'M ",
        "/GMw{",
        "zh-tw",
        "ze{u<",
        "A~6II",
        "|m/Y,",
        "hJl/i",
        ">Y5u(",
        "C]l`cA",
        "VU;eK",
        "|_[i>",
        "hec*6",
        "ymbA^",
        "-EFp|",
        "Dy7D/",
        "beqAe",
        "#G\\vu",
        "=W>m ",
        "9T^wDm!",
        "/,Cq(Va",
        ":1C|rj/ ",
        "$WFWDD",
        "aKj~o",
        "&2icV",
        "JmnB#",
        "'`'O|",
        "Y\\Axu*",
        "TlsSetValue",
        "Error 0x%x: %s",
        "WNc!n",
        "g3}E:",
        "cADdG",
        "5h5@l",
        "T^*r8",
        "^DFn_",
        "K,cmG",
        "7CBM^",
        "R[!*;&",
        "oO]Gq",
        "7v,/w",
        "!ykyg",
        "Ei(Q:",
        "ktY%.",
        "]`.;:0",
        "dj:*u",
        "A7gUj",
        "Mk\\<J",
        "XGE$^\\q",
        "|H5y&",
        "Vj0XPW",
        "oAP5T",
        "8ozqVde",
        "2gsAk",
        ">Y2P<w",
        "4b\\=,6",
        "CUL#[",
        "5LHKY",
        "9\\{PM",
        "Dm*8h",
        "AeR<a",
        "ayq-c",
        "Ai^z'",
        "X[_^]",
        "W\"0L4",
        "I7:gc",
        "56Z3xjn",
        "%NEn9",
        "X/|8,+",
        "Zvhf8",
        "ntRR>",
        "z+;|D{",
        "U(qS:",
        "+WJ99",
        "BGLcS",
        "ft#1(",
        "09za:",
        ":.qbY",
        "Windows10.0-KB",
        "\\V:QO",
        "'+~:4",
        ">eLJ,@",
        "f8rmEd",
        "Z4Q|B",
        "_@Q3d",
        "J0*kB",
        "y\"UvO",
        "<%=Q=k=q=",
        "3r2]H",
        "v2!L.2",
        "-|~WP",
        "en-ca",
        "e,ktnYuH",
        "\"ha07",
        ";[0~k",
        "Y2EkS",
        "Lz4Xi",
        "uEf1q",
        "RiXsk",
        "<XswP.",
        "z1RuP",
        "rdy\"yd",
        "i*+w3",
        "3XBP2",
        "5dE{~",
        "\\BEcfLT",
        "mK&gv",
        "s<m|[",
        "Failed to select current directory for extraction",
        "LkCMrZ7",
        "2SPdy[GQ",
        " Wv}[",
        "n0(iU",
        "/vHb?",
        "DU;_N0",
        "#tm?*",
        "^p</SH",
        "&NyIgX",
        "^PA Y",
        "N%[~%D",
        "(s:S]2Zm",
        "(Q|#%2",
        "\\Z=m]",
        "Z@H,D@",
        "!3erT7",
        "*OAb.H",
        "FJ*,7e",
        "2.6#^",
        "q5K{<t",
        "{x{>^",
        "C)Rl.",
        "lj:+-",
        "2I.(o",
        "_glC6",
        "QEk|,gKG",
        ":%:3:P:X:",
        "&E8[k",
        "/KK~k",
        "_@PZL",
        "Dni&$",
        "Ggf7#",
        "J`dRG",
        ")^DvX",
        "#-rN{",
        "\\znS))",
        "^*~K9",
        "e$!RD",
        "G`yIW",
        ":\\P+W",
        "_KMq$",
        "es-CL",
        "c2w$;",
        "\"c@w1F",
        "OKag_",
        ">mY^8",
        "pa-IN",
        "-yp/8",
        "OL'Y5",
        "EbQ}<",
        "6\">rlI",
        "M6/RSH",
        "a'f;Me",
        "H`dGF$R",
        "%!Fn4l",
        "$Y&lW",
        "3a8^?\"",
        "EPe'N",
        "'cSaw",
        "){\\WM",
        "d`j/u",
        "cD?tj",
        "tK~?F",
        ">!>5>>>C>N>S>^>",
        "70Stizh",
        "w4Rrdi",
        "XCX:Ivb",
        "Gy+$R",
        "9#WIhH",
        ">EV`n",
        ">uISf!",
        "&jW=e",
        "VXQx~[$m",
        "}jBUnD",
        "-^]]C",
        "Pf<y,",
        "~96TtA",
        "l0w~y",
        "{~}NDP",
        "^Z8aO",
        "Ann@U6)B",
        "40(y9",
        "?!)C%",
        "{cQG/",
        "$F0XmZ",
        "HXZ6F",
        "`eh vector constructor iterator'",
        "HbsM%",
        "SetWindowTextW",
        "!psT~",
        "d5Vy2*",
        "DiZ_X",
        "mX0?g",
        "-N/tB",
        "?]\\lA,",
        " t@&=",
        "Q.+5M",
        "jo%Bm",
        "(VZ^:F$K",
        "Pqcrau",
        "W!o;q%",
        "Cu&29",
        "8@Y++",
        "k81!gaoB]",
        "0#2@#(Hh",
        "s6Uc<",
        "Qkh\"M+",
        "`WH0x",
        "~x&:tF",
        "FileTimeToLocalFileTime",
        "Oq]o5:",
        "}@#,AhUl",
        "N]B=U",
        "R7Ur;R",
        "LAfgj",
        "1Z2+4",
        ";S2h=n[X",
        "H:Z*V",
        "?3N`.j",
        "XCDnQ|",
        "DCT}g",
        " m8$eQ",
        "'}1<y\\2y",
        "3~}N,",
        "}%^C,",
        "id[>\\",
        "o&5<6u",
        "5Y4kI",
        "SC-eCy",
        "Q>&a1",
        ";T,k2'",
        "l't^G",
        "/)}fYf",
        "+^a=E",
        "S/5(9",
        "<ORVc",
        "d*M|X",
        "j1Qt%",
        ":|\"G? ",
        "$ {A9",
        "-x0D-",
        "BCryptCreateHash",
        "FileVersion",
        "|=o)0",
        "*P@j>",
        "ez$4$",
        "Ikmijw:",
        "kQ#R;",
        ":!72X",
        "YT`DB",
        "ca&/-",
        "\"]1m?V.",
        "_\\@.&.",
        "y@zuaQ5",
        "?]\"wX4",
        "Hh?2`",
        "^^,]?R",
        "`4#7i",
        "E|XeT`",
        "a0_0]",
        "u9/w#",
        "4.m.F",
        "mD=eN",
        "=KPC|",
        "T7K#c{",
        "I[XyDr)",
        "`J{PwR",
        "7{W{'",
        "&rEoo",
        "VfcB9",
        "DeleteCriticalSection",
        "*I[!)8",
        "vbcFc",
        "e3t mnT",
        "F/`xiu",
        "}J\"\"x",
        "E9>ar",
        "D]D&at?",
        ")5JLoy",
        "/`]U`\"",
        "=S{pKkP",
        "ar-TN",
        "cB-L6",
        ",c'?VDH",
        "#L4ct>Z",
        "h\" W?oN",
        "2E$N<'L",
        "ISBjf}",
        "I8HZ{",
        "^x<P/",
        "8Y\"s'",
        "33gUJ9",
        "ar-iq",
        "ay\\\"k",
        "r*bUm",
        "w5,!N]~",
        "'U%!-|52",
        "1W>P^",
        "K/h^2vh",
        "c=`;?",
        "AiOxv",
        "'1mx\\mW",
        "/ vWf",
        "rz[CAC",
        "&z}]$",
        "mGz<'3=",
        ";R:Fw",
        "}0E!E",
        ":m9Td",
        "M^1$_Og",
        "2lq#[,",
        ">M}5Bj1",
        "~}Zb`/",
        "pp.NJ",
        "*fO/Ux",
        "/c;bN\"",
        "N>Q`\"}3",
        "`UBO;QS",
        "es??E",
        "CI}Q2",
        "\\b)u^",
        "`GuX,",
        "*N:+h",
        "kd[z<3)",
        "+ x<hk",
        "hvyga",
        "TnZv^",
        "WQ#%:",
        "h:/uR",
        "E%YF?",
        "~\\/=^",
        "A\"(rl",
        "0{T7:F",
        "Failed to start reporting progress",
        "rhgu:",
        "{+dJ6",
        "1'*a3",
        "yh:B:h",
        "2^6&^",
        "l|eR<M",
        "bi[s0",
        "X!t7e",
        "_p$\"v",
        "he-IL",
        "Y=lIt",
        "Failed to alloc cleanup list buffer",
        "Uc?,c",
        "aK*Y_1",
        "O_)#KM",
        "F(:'lxF",
        "_cE}L",
        "nJQ8eVs",
        "Skm8j",
        "KDhf{n_7L",
        ",Z58U}",
        "wuR&F_",
        "Sz6 >",
        "fr-BE",
        "N]48hv",
        "n1PQFW",
        "Zt8%(V",
        "a@khO\\R(",
        "OmuHB",
        "fj:d.",
        "iB7vL",
        "tFkURa",
        "P1:DR",
        "k#Zm;",
        "lie='",
        "u0i6~n",
        "X6)Zk",
        " {FVAz",
        "__pascal",
        "b: _T",
        "DfT25",
        "R{3-'",
        "n({.I",
        "}.a8e",
        "?WqqD",
        "xms3iLB;l",
        "t5SmUh",
        "2p@rTA",
        "O:GU7QK",
        ".msFN",
        "_zj8.=",
        "{u_dZ>",
        "xw*+0>",
        "w6Sx$",
        "j0Z9~4t",
        "KRBnb",
        "ycv\"N",
        " Class Hierarchy Descriptor'",
        "Ia2>Gh))",
        "RfKa?",
        "~ +~4+",
        "SgWo*",
        "}?UljW6eY",
        "R. A<T",
        "~>\\^G",
        "j2M>/",
        "W{`'K",
        "4RA`k",
        "HgP\"uK",
        "oWP/x",
        "R*c+?",
        "A kQ9",
        "7,747<7D7L7T7\\7d7l7t7|7",
        "{j6wh:L",
        "i>ELv&",
        "Ny\"vp",
        "fg9M[J\\",
        ")]I+v",
        "SY]vWRdl",
        "1BlYd",
        "'AUd$fdk31",
        "qg&_`",
        "(f'&%",
        "CbaJU",
        "m1-Sx",
        "ST@K:",
        "/yU&+z",
        "Ub-=0",
        "^!5pp ",
        "zUt>($n",
        "(c PM",
        "t`nmc",
        "ZlS<(",
        "L1XL0",
        "eyqTB+Q",
        "*'>-D",
        "<.IZ;",
        "V'q09",
        "JzR}9",
        "U-0Mi",
        "^^+s[l",
        "_+W/d",
        "SW-V\"",
        "LSZwt",
        "@,W\"S",
        "]FVBF",
        "QK)uB?",
        "`)c?u",
        " ;yD0",
        "\\#+v7",
        "NSoj`",
        "4x<Hc",
        "D:PT\"",
        ")!R }",
        "GQiC;",
        "{PN9O",
        "EC]}%e",
        "TUy\"-",
        "9/dW<4",
        "ro-ro",
        "6[=u#5Ia",
        "a~W5u",
        "bn-IN",
        ":TAno",
        "Lbd9sN ",
        "*Yj#-",
        "lJkeU`",
        "ud0$\\",
        "<xcg^",
        "}f\\Cr",
        "Ih*R4,",
        "Ql-2I",
        "fyh^\"_`s",
        ";i-z7",
        ")F_iI",
        "PVaCy",
        "WNI:vN",
        "j &`!",
        "S=q\"NV",
        "V92*&",
        "Ew0`F",
        "SA_[2s",
        "H!o?M",
        "v@n L'0S",
        "+{F=Q",
        "?#u\"M",
        "{feLL",
        ")wTVJN@v S6%",
        "L8\"H.",
        "u?x(L",
        "DjLWx",
        "IC3dt",
        "(cx,99",
        "K}A@9#/",
        "G0N0`0",
        "I*a0?D",
        "e%FqT3",
        "80_ZQ",
        "jmN:X",
        "f4a!Q",
        "78Gp'",
        "WLjlPHy6",
        "2\"2B2",
        "#/[F$",
        ":}]!Y",
        "<OPkn4",
        "]yV:eOa|W ,",
        "w0?q(",
        "^% gk<S",
        ">ve93",
        "hG]OQ,",
        "Jj9sE",
        "shell32.dll",
        "Hkz,r",
        "f>q/c",
        ".7oq\\",
        "{)1~9o;",
        "$5*|>-*",
        "~:T\"8",
        "uRZ3&",
        "vq+Lq.",
        "hPDM7",
        "Zism{H",
        "SEBK#5r",
        "+B$&4",
        "T6<<P",
        "#OyYWyK?",
        "R*6CO&Bx",
        "fxoPoC",
        "M#:XDq",
        ",8\\uEe>)",
        "+~S{ 0A@",
        "GL<dYiU",
        "`|%>v:j",
        "j%i35",
        "&#%Wx",
        "!!u):",
        "zu-ZA",
        "8jPVAh",
        "if 6M",
        "/;3F0",
        "~.#HZ",
        "X& D/i",
        "t.N)<V",
        "n]RX$L5",
        "$jrA5",
        ">4_.0",
        ">http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0",
        "mk-MK",
        "Xl-$(S",
        "_yvSg",
        "\\?;e5",
        "s*3I'",
        "@af)s",
        "fhr$X",
        "TbUy$",
        "NE4`E.",
        "!N+D[",
        "Microsoft Time-Stamp PCA 2010",
        " fDk#9@",
        "E[oF4DE",
        "+`yhL4",
        "%fo=lpo6",
        "3+FIwq",
        "0EQ]6;xp,",
        "8]9W=",
        "^/p-T%q",
        "~'=}x",
        "rl(B&L",
        "b]K^pc",
        " M4|:",
        "^i2]M",
        "]H{U]v+",
        "P=k2Szr",
        "dAPO_=",
        "+;$+G",
        "AB6hb",
        "wln4zU",
        "tP@ocI",
        "6&7[7",
        "Fv^~p",
        "}^Y:S",
        "CFTz*",
        "-WgGMl",
        "!O}37",
        "2>RENd",
        "W_DYh",
        "6gG:l",
        "jh^Z!",
        "#`'Lu",
        "Ds'>y?C",
        "s-X[Q",
        "Zg>|D",
        "y:ieV",
        ")E'L!",
        "O-l+?",
        "hW{7f",
        "3dN1US",
        "75XAl",
        "1k#^!",
        "#cDeD",
        "&(]T=",
        "%!@'xT~B",
        "lkGYJ",
        "hm-B0",
        "PQSVW",
        "3>i?ht",
        "x],$g",
        "September",
        ">!?+?a?",
        "G:u`|",
        "ywy_M",
        "Hy['g",
        "\"e;Ex",
        "[5^g69",
        "yR0Ub",
        "\".=\\<",
        "QB=@N",
        "7B?Zq",
        "$%tx4",
        "-\"Br5tUY",
        "`W~VJ6",
        "hYu|j2",
        "UU9uQ",
        "-Y5:N",
        "|bT7\"",
        "_K5{-(o",
        "nD9:h",
        "fJ!`m",
        "K,QzW",
        "<=lx/",
        "HGAqe",
        "l^6M{",
        ":]|<M",
        "2k]]D?",
        "iGaSQdD",
        "ZY1g9",
        "R0%% ",
        "$pg+<Y",
        "nt^{P",
        "?Xt#s",
        "2!GD2",
        ";z2l>",
        ".CRT$XPA",
        "/PsGb",
        "W\"JxH",
        "GetCommandLineA",
        "uvOIC(9",
        "mn-MN",
        "E;TM ",
        "gzH1!",
        "2q\\*{",
        "I g(r%Tk",
        "?+0He",
        "xj F.",
        "lj=JO9",
        "nQ=Mm",
        "Failed to get text from the directory control",
        "ojD/t.",
        "ZR~{@",
        "bT-v&",
        "Failed to set target directory",
        "(Jzn~",
        "b=CL@n",
        "Fcp ~,",
        "ZX1O#",
        "pu+hQL<",
        "Sqfu}&p",
        "\"YsHD\"",
        ".L`nQ",
        "--- logging level: %s ---",
        "QTPLw9",
        "ZI-Yt[bG",
        "USY17b#CSA) ",
        ";Z0LGe",
        "w(#Cn",
        "fpAfRg",
        "THh/.",
        "D{b(|",
        "kT`LMF",
        "z<D#S",
        "s\\,3<U",
        "O<AdQ",
        "U&~D%J#<",
        ">Q<<c",
        "ext-ms-win-ntuser-windowstation-l1-1-0",
        "69e2AP",
        "UtY`g",
        "%rVsz",
        "f1!Ks",
        "OTZ04",
        "= H9f",
        "bR!&W",
        "DC(bFL",
        "hy'n+",
        " S4IE",
        "E6KQ%)",
        "a](ZS",
        "HGhfc",
        "QhLq@",
        "7)7;728",
        "W\\P0%",
        "Ygj7AG",
        "'qyzh",
        "iP_O/",
        "Bw\\0D%",
        "$;E70N",
        "\\+[<d",
        "w6[D^",
        ";aT'2",
        "ehgR>_U\"7",
        "E]\"mv",
        "<o/r\"Y",
        "J8LD*",
        "/^k)(",
        ">ht`R",
        "2#W^S",
        "9R.a!",
        "72;lN",
        " c^7r",
        "]$E-6",
        "OJ@(L",
        "'AT]2Z",
        "*>JN ",
        "LZU$_Y",
        "-~J57",
        "Yi,+7",
        "{+]5P",
        "JJ:-L]",
        "2\\Id-",
        "xby^'",
        "LegalCopyright",
        "1&Nq[",
        "UX1i7O",
        "fb-^j",
        "ziSG'",
        "~; t\"O",
        "\\S$\\t",
        "ma$^w",
        "$Jncq",
        "F|k:T",
        "ZOc'v",
        "VRcA2",
        "JPzk1",
        "FPRU-(",
        "m]j;I",
        "_ebfop",
        "p);\"h",
        "lr]]j",
        "vW^-[6DB",
        "0c1y1",
        " I>[pd.",
        "aj%iq:",
        "gRN\\z",
        "t%_$0",
        "G7hJ91",
        "|NPk6",
        "\\x:u;",
        "4T?~Y",
        "v&W<`",
        "sA>vd",
        " ^\\>W|",
        "a{J8e",
        "3dM?*",
        "5B@hd)O24",
        "25m:a",
        "l:]}S",
        "#B>{#",
        "8C uY",
        ",>Lze",
        "|`*vg",
        "!Y1deBB,}peTtN",
        "afEGf",
        "UG#`A",
        "|I~IeTMP",
        "6'IKrU",
        "18nQ/2",
        "mirYe",
        "/q)(a",
        "<V5a1+zH",
        "jmTw3z",
        "8r1@#",
        "UJ)V:",
        "g@+QWv",
        "bbF;(",
        "7d&\\>,18",
        "aDlII",
        "Mer2k",
        "X& ,&",
        "c1~Md",
        "%16Mu",
        "070d0",
        "_o#CX",
        "^m|ng",
        "(\"nO[",
        "|dKn_",
        "RO#]c",
        "%\"J#e",
        "4%4/4A4M4]4h4x4",
        "d(&Sz",
        "js*Tq",
        "op\"ax",
        "M&Bo0",
        "r+l`C",
        "M|XKC",
        "EgQp!",
        "`dCJA",
        "\\CX,i",
        "b@VjdP",
        "o'ep,",
        "\\UDn6",
        "?\\xgg",
        "r3zF~",
        "N]=ub",
        "aL.;E",
        ":.fhj)",
        "0.0M0x0",
        "rf!I'",
        "T/NMh",
        "Z]V*:",
        "Nel[8",
        "Bf2Y%",
        "\\\\1w2",
        "^P`/ \\0Y?G",
        "J#Y)sz",
        "](nHT",
        "uAmHBj",
        "Xrywt",
        "zdMw.",
        "ce]&M",
        "\"yNd,",
        "J_8Z>",
        "`fS!(a2P",
        "j5Ee[",
        "U>,VD",
        "api-ms-win-core-xstate-l2-1-0",
        "x za%W&?",
        "=IqP1l",
        "YP`Aw",
        "f%Pa*ha",
        "PcY$p",
        "LRWT^",
        "Bmcyk",
        "m#eY~",
        "~L~D\"",
        "}9-tX",
        "^RZTe[",
        "ao]_R",
        "H0V{'a",
        "L+$+w",
        "zX<Ko;W",
        "l_DP6@",
        "rL R=",
        ":6,_T4(",
        "MWqW!",
        "tQ%,7",
        "&PJ=u",
        "4?4h4",
        "P3&n`~",
        "0pvSZ",
        ":0`wN_!",
        "ly\"IN",
        "Y@Iyn",
        "D8_0M",
        "\"$rR|",
        "UId2m{",
        "dD&zEJ",
        "u RP3",
        "k>&<n",
        "<1zFi",
        "d%3Z'",
        "Zn,O>K",
        "H4UO`%]",
        "elrNsi",
        "|fw\"P",
        "6nqK^",
        "3{iX8DN",
        "h0ngy",
        "a-yc~",
        "C*gM*",
        "15[Yl",
        "CommandLineToArgvW",
        "RWrOW",
        "f@XuE",
        "..Jb#",
        "l^jar",
        "Rb4Pmg ",
        "YL*mX",
        "?%l#+mc",
        "yP0|?)bDSzfK",
        "ZlCOt",
        "yxWS(",
        "fi.7E",
        "?Qg@.`",
        "8fqER",
        "|$jpfP",
        "2*._+",
        "&Hzi\\8",
        "CJ^=4`K",
        "FYip2,",
        "xJ|dj+",
        "&@|el9.",
        "3a%wT",
        " fW\\pf",
        "SL:[O_",
        "P$yWs",
        ",>jM ",
        "I_djA",
        ">s|#&n",
        "ed0a]Q",
        "0=tR[hSB",
        "q 8!\"+",
        "~&5!O",
        "<Y!J8",
        "4O>xo",
        ",^\\T#'",
        "S!`r\\3",
        "7:LItk6?;",
        "af@[)",
        "m?>W+7r",
        "uNrGH",
        "x8B*hv",
        "R)p\"e`",
        "XG+ny",
        "5 5$5(5,5054585<5@5D5H5L5P5T5X5\\5`5d5h5l5p5t5x5|5",
        "+6~&S",
        "c>kd<FeK",
        "6 V?aG&",
        "Y1vuA5nZ",
        "&qQJ`",
        "ftx2j'I6",
        "_E''K",
        "i_Se+",
        "FYIK`$",
        "d&hs-",
        "(E:Lyq#",
        "uY`>,",
        "300930183225Z0|1",
        "}}9wA",
        "6dl#[",
        "Iy]_K",
        "V/kvQ",
        "2|[;pP",
        ".Visual Studio Installe",
        ")q!Nx",
        "(:tz6",
        "V)Tq:",
        "gG+Hy",
        "[mOF6",
        "D%b.%",
        "n6Wyw",
        "3NI,5",
        "]4cI.O",
        "zkD ?4xm3El",
        "xc$v|",
        "eZQ|6",
        "]ozsl",
        "IDATz!",
        "mce7[243#",
        "/P;ga+I",
        "S]];'8",
        "kMFlX",
        "L9tUK?y",
        "az-az-cyrl",
        "W1N0e",
        "mP[w63,-",
        "Asjg\\I$",
        "eZSVu",
        "~c'Ph)a",
        "4hRj@L",
        "*u!xj",
        "[!zfT",
        "b>0^s",
        "'C(muQ",
        "x,M=7",
        "2,s.\"",
        ",;{sn",
        "|m\"1T",
        "FZ]j@",
        "3{|m{",
        "NCQZA",
        "^k<X-",
        ":%H@;",
        ")o#n:^'",
        ":=Ewa",
        "5t0+@#=",
        "9s)$O%<b",
        "Windows8.1-KB",
        "eeox/",
        "XKRRL$*",
        "9E^1U/",
        "@P!=`",
        "Oa):9BuQJ",
        "ajs/f",
        "WmuAb;",
        "FoN_y",
        "5!<b1",
        "bu$[#fg",
        "-LIAf",
        "_N9vW",
        "it-ch",
        "e-$ls%SVCh",
        "IUfo,*\"i8",
        "O\\JK_",
        "c2UWJ",
        "Zq.I73",
        "35wF1%",
        "-GXY.n_",
        "0O0]0t0",
        "9H-+2",
        "jI`'g:n@",
        "g:s?3",
        "0WpW:",
        "FindFirstFileW",
        "v9GYDG",
        "+DO0C]",
        "utRd67z",
        ">&l(o!Q",
        "(,:ky",
        "<}LL#",
        "6vp/F",
        "(A\\vc",
        "R27_M",
        "4.R_O",
        "%_GyI",
        "?*6]4 ",
        ":fAM;",
        "&iU@l",
        "\\\\Q!R",
        "<4q5M",
        "3#CA.",
        "cbL~}",
        "R/cTS",
        "SetDefaultDllDirectories",
        "SD410[",
        ")*kt=Ik",
        "eJ!'\"$8",
        "D|; q",
        "OUudzH",
        "6kfqI",
        "]F>s!",
        "=6QW!",
        "fuY?F^",
        "J(TEQ",
        "aoGMS\\X",
        "_hypot",
        "}>KUK",
        "!pZVz(",
        "WOcD.\\",
        "(1w*<",
        "ELlB/[",
        "U|@ l",
        ".{<':",
        "M:ru_",
        "D!ML/",
        ">~X@:\\7",
        "ftnsk",
        "bK\"Bl",
        "An error was encountered.",
        "hr-hr",
        "yT0U0",
        "KERNEL32.dll",
        "W.ggs",
        "2wBt;.\\",
        "'3_}&",
        "w\\Z?j",
        "/V*)y",
        "GU}>@",
        "Wz}Ib",
        "4+WLd",
        "IwD[-$",
        "%^$dW.",
        "k)0#.a",
        "+7+&w",
        "`local vftable constructor closure'",
        "c$0>d",
        "a$h.:",
        "IIq @",
        "0x07M1",
        "3l/!*j",
        "Tz4_(",
        "rpZ51&~",
        "0u_yc",
        "g7~.Z",
        ",5Geoh",
        "Xat>^",
        "^Lx}7wy",
        "xp %\\",
        "H`/5^;",
        ")kT&p",
        "Failed to get the extracted package name",
        "?.}_[",
        "$XAT;!",
        "JE]d?",
        "L| y0",
        "x`l~l+",
        "0i[:n",
        "in]3Ui",
        "=97mJ",
        ".00cfg",
        "33Ig4|",
        "%Q>rO",
        "h-Oi\"",
        "/XCB;",
        ":QnTZx",
        "G9(u@",
        "fnjnx4",
        "+^q\\q",
        "7$.yi",
        " !TdN",
        "3Axd/",
        "oFa#&",
        "zZ+H5:",
        "gRb!w",
        "&UZu ",
        "!9+}v",
        "LkUPN!",
        "YR{I<,T",
        "Vwp\"<d",
        ";,!B$",
        "cc#$W",
        "{ UEk",
        "kZ0b]s57G",
        "^; V(",
        "xSu$W",
        ".CRT$XIA",
        "5FNrO",
        "PG@,N",
        "Tf?JX",
        "'\"-Sv",
        "J/c=e.",
        "7|17>",
        "0[o*/",
        "`2MDn",
        "~oOmm",
        "0q(3Q|",
        "!T/IK",
        ":r3ct",
        "hW 7L",
        ",V*+L",
        "uw-7`",
        "8s}{r1",
        "R\\A/}",
        "I2>.C",
        "__unaligned",
        "VnK5Q",
        "I_&_?;",
        "9p u\"",
        "X]j4}",
        "aaEEW",
        "VaJBiN+",
        "&j;rkOM",
        "?'???O?g?",
        "dm6F,",
        "4Ap@a",
        "rHf;u",
        "2ws@kp",
        "Xs'A`",
        "[OutWm",
        "*5lkj",
        "LZyKv",
        "\\2R2I=#7f!8g",
        "]0Jh$",
        "8e<yy",
        "mN(z4b~",
        "dN[%V",
        "bL<Ot",
        "2Udm.s",
        "4i>(Te",
        "LSq{~g_",
        "_i~\"W",
        "{7s|pQ",
        "7P<(u",
        "8Jsc?",
        "+owu~",
        "mV#:p",
        "aTO^sl",
        "^I(Nu/",
        "[|}QJC,",
        "[J`Cl",
        "{cg-jQ",
        "--R9|M{",
        "::SIy",
        "9R #?Fz",
        "4Rgx'",
        "8jClr",
        "~`<GJ",
        "QS/hj",
        "#/R~AP",
        "$b 8O",
        "ISZ37",
        "[Vxe|^",
        "Sue[SO",
        "wG#zTM",
        "!\\[sRVT",
        "FileTimeToDosDateTime",
        "Hv2vT",
        "8}0C>",
        "p`;b>",
        "3&%H/",
        "r~8hH",
        "7%=DB-Y",
        "<#;\\\"",
        "V.jx_f;",
        "w<Q6B",
        "@sD[;",
        ",p^w4a",
        "G`EJk6",
        "N>7f9",
        "@btWs",
        "|M]?T<-",
        "Nb,`8C",
        "BXQr!p",
        ";98*Z",
        "4p\\7\\",
        "o8Dbg",
        "vk^sE=",
        "z9||G1",
        "4|at=",
        "(lXt?",
        ".RJE}",
        "?)>B*",
        "7!7&7Z7d7i7",
        "#E\\sX",
        "ar'iU",
        "1\"&>G",
        "ls'29R+",
        "#|!Md",
        "Mx,3/ok",
        "!/b`?:",
        "\\YJ<1",
        "\\)PGm",
        "_F}5nt^",
        "ar-JO",
        ">+'LE",
        "-sI@R",
        "-^S0<h",
        "3\"q> ",
        "78K#s",
        "[S: \\",
        "+D9hO",
        "5spqqi6",
        "vfNJA",
        "km\"UK",
        "3#e5$",
        "$\"'5P",
        "/:\\hq",
        "@3WoP]",
        " wp`d",
        "h UQ_",
        "Ww7wbL",
        "6 S3[",
        "k~% T}",
        "GsY||",
        "\"0hlR",
        "/\\_5(",
        "U7o4T9t",
        "A[0lgg",
        "$.d\"J",
        "n.;f'Ex",
        ">)~wN=J",
        ".v>gD^",
        "p3R#S",
        "IkZw-",
        "S$[H+",
        "8DBcU",
        "3rQSKF+3u",
        "Li>}~i+",
        "x]x<h",
        "koIe|",
        "S9m=T",
        "^V4Bf",
        "/h)qg",
        "RcQD|",
        "BCryptDestroyHash",
        "+US>V",
        "w}z%\\",
        "$g#-2",
        "5Pt!3547",
        "[l>hH\\",
        "~t@`y",
        "$inYU1",
        "+Pke`",
        "D4JO`",
        "ResetEvent",
        "LaZg|",
        ",K/e(",
        "\\z,4r",
        "n7Bn|#",
        "kuAUJ",
        "cI$qCQ",
        "p9o:)",
        "#CJ<e_",
        ":$:,:4:<:D:L:T:\\:d:l:t:|:",
        "cqR@^",
        "hJe4V",
        "=*VL[",
        "325I_",
        "tR}.2\"^",
        "k*vqrro",
        "OLEAUT32.dll",
        ",,\"]T",
        "VgVWW",
        " Ffb(L",
        "Q.t/q",
        "')#&@i>",
        "bcrypt.dll",
        "|hFo+",
        "|4k $",
        "VfWr,",
        "IT`r_",
        "Y^#3 ",
        "|7r7R",
        "!v(+mQ",
        "4[b3RE",
        "g[[\"(",
        "`<ae<",
        "Mdm(<l}U",
        "a E<9Iak,p",
        ";OuQ;",
        "p8s4nwH",
        "5[`DIg5e,",
        "+[q|t",
        "[wUy{Y",
        "s<b}/E",
        "extractExecuteLocal",
        "9O?L}",
        "1*0G^",
        "xpqup]",
        "_w^7s",
        "270517193957Z0",
        "ul?=e",
        "qJtm(D6",
        ">q3 PL",
        "RLly(",
        "E*)KAe",
        "oL[3z",
        "73wAm$",
        "+ V^bsKN",
        "/g.X|",
        "opD[g",
        "ldexp",
        "h=GRe",
        "MRX8<",
        "^#x^r",
        "47wXY",
        "\\Ozdw",
        "$a?DR",
        "/D'4)f",
        "b!W,J",
        "w|;D/r?",
        "ou@O}",
        "'&$B?}",
        "[b5f:\"d(",
        "\\<H =W/js",
        "8HJZ?",
        "]L-17",
        "2$5eP]",
        "'3*&[k",
        "AreFileApisANSI",
        "/G@C7",
        "/<%{5",
        "_(C{>",
        "R>:W@",
        "`Y74[",
        "bI(/g",
        "T[|M,Q",
        "%&[eP@m7",
        "MSy0+|",
        "IdR'C",
        "@*5G2/r",
        "Q[`CGH",
        "hbXBL",
        "K_N>C",
        "c&4NR",
        "%s`gc",
        "34j1Q",
        "xNkM/",
        "KlW9![]6",
        "4)o1\\",
        ".79Ox",
        "3-{or/",
        "v*QqR",
        ",J<[z",
        "?OS'Gb",
        "mt-MT",
        "Az{/?H",
        "m2AV0",
        "1+mz3",
        "h+6wI",
        "XI\\7_",
        "$tfvwC",
        ",_,G7",
        "ob(f.",
        "+)Gm ",
        "xC.4ujO",
        "4Up}8uP",
        "xoXD~",
        ".3iv7",
        "43<BC`",
        "||C?{#",
        "uvY08A",
        "ZnXVi",
        "FZpn-.",
        "nMr/Ea",
        "6|; E",
        "Y,Uw&",
        "b5W%4",
        "TZ{kl",
        "hGem_",
        "\\nyXh",
        "Aec6w",
        "g7N}I",
        "9u01W",
        "S5&S:",
        "@Rh)R",
        "uXzF_",
        "9Ofn\\T",
        "pK@yGhZ",
        "5sj@7",
        ">R|4y",
        "E+9w'U",
        "KO|gC",
        "%E=Q}+",
        "w/$i0",
        "_f!C3@R",
        "xlz%+",
        "W^KX}",
        "gyNJ'P?",
        "4_4S5",
        ">X.B5",
        "~Yw-}R",
        "GwQs&",
        "FO'#j",
        "}|YS&",
        "a[81G",
        "$aO:LP:",
        "1yE@wJ",
        "v=:e)",
        "HT{cr-",
        "5v%2w2d",
        "xMTr=",
        "Q4$!i",
        " et}N",
        "qbNX^",
        "*|@3q(",
        "Failed to open box from path: %S",
        "U'jEVEE",
        "pB=11",
        "m~iQV",
        ";VZW&",
        ".L4 d",
        "JCj{6",
        "eniOO.",
        "sV4/.T",
        "S6%,[",
        "/H;-;",
        "boYmH",
        "&dv}*",
        "sxL?!",
        "v=efpG",
        "3[~ f",
        "pd[;Nx5",
        "Pw`~D",
        "W=C\\G",
        "T5u>7",
        "$3~L<",
        "vj^G8",
        "pFX+K",
        "AMke3",
        "g-Mx#",
        "3^)8'",
        "F2D;^",
        "Pz=dp",
        "r_NUu",
        "]Th^lq",
        "Yz4[Ig",
        "pt-br",
        "|0$D5",
        "\"<+Ya",
        "0IGsm",
        "{B\\Y8@",
        "'{C@F",
        ";cjPw",
        "{8/7c",
        "aAemH",
        "pEK`=",
        "L{j3D",
        "xY=U&",
        "+MVBy",
        "Failed to set out directory",
        "]$&33",
        "auI&H",
        "P$+%n",
        "H q;v",
        "=$b<1",
        "YJjNt~`/.I",
        "[mL;<",
        "U+E!(_",
        "p8;0@",
        "-uy:|>",
        ");>M+",
        "W\\H1%uZ",
        "[j%&*",
        "S4I15",
        "M=>(\\r",
        "/L?)av",
        "8W\"f\"",
        "+]X`r,B7",
        "SVWj@",
        "}BB~G",
        "^f,C$D",
        "_SFX_CAB_EXE_ORIGINALWORKINGDIR",
        "=02,(*",
        "lzl}H",
        "di[LY*_",
        "X;2sk}",
        "ZIVk|",
        "'nGPtK",
        "\"l<Byv",
        "mi-nz",
        "%jn-sMjl",
        "|r!K`",
        "u[C)X",
        "Lx^+=",
        "$[b{OW",
        "Xp6Jq",
        ":ZoT,p",
        "EQ!=z",
        "31f+'",
        "~EWj/_",
        "d& dw",
        "JyZK?",
        "smj-no",
        "$hbHa",
        "S3gXm",
        "9K(t^",
        "lA#3C",
        "_1-hv",
        "6$6*62676J6c6h6{6",
        "km?>H",
        "}NtO$",
        "{duMO",
        "Ud05#",
        "{:i}l",
        "%&uwuE",
        "ar-EG",
        "c^C{*_T.",
        "XFLN^3q%",
        "?oT!P;3",
        "%6Z`K",
        "~Oo=&dq",
        "nIDAT",
        "%#|=~",
        "k8}Gy",
        "p@IJu",
        "Qnu9To:",
        "@}8Jv",
        "^8ydr",
        "n~K-JnJ",
        "{(xqG",
        "V\"39;",
        "=jkMI~",
        "iDp$*9A<",
        "8Rz<`O",
        "X8ipi",
        "Ln]Wi",
        "(d|O:",
        "\"I,7O",
        "f#Xv~",
        "Vhd.@",
        "ZOGsr",
        "gaw4M",
        "v6?nQ",
        "Awx.$",
        "[;47,",
        "WKCq9",
        "%[MKD|g",
        "/2Uga",
        "+b[G)",
        "H{)iZJ",
        "M_%&Y'",
        "fa-IR",
        "$!@.7",
        "cG[1o",
        "K_:ys",
        "w4\"DFS",
        "jIre3",
        "|YY=n=",
        "]O6n(",
        "/z.91",
        "cQdvj",
        "FI)3U\"Ee",
        "yh=$4",
        "&3nYx",
        "iJ{;&",
        "Vw)'IEaEd",
        "qY|Yhq",
        ">$>,>8>\\>d>l>t>|>",
        "GdZ<d",
        "<PH<<",
        "TS+XO",
        "9ePIb",
        "mJw^|",
        "en-AU",
        "G2tzD4",
        "N[So4Z",
        "operator",
        ")^- ua",
        "|%`on>",
        "4KJw|",
        "+\\ODd",
        "V*vOg",
        "PPPPPPPP",
        "4roOT",
        "[|y%_",
        "al}Xf|",
        "~C9O?U",
        ",lMCW",
        "e]h{C",
        "210930182225Z",
        "aAKi.",
        "giw4s",
        "Pk5QrZo",
        "a[<eZ",
        "Cn?iz",
        "?F,'.",
        "IH0|u",
        "-wf(!",
        "^X2#)",
        "QX1%A;",
        "[9\\]!{",
        "'s_Kr&",
        "w+_=T0",
        "pP#&y",
        "tDw>+",
        "2*Md%s",
        "x'3m]/u\"",
        "G\">Hh",
        "#v5<'",
        "b.i`h",
        "Ir<4#",
        "#9)S^N",
        "SAzNyx",
        "\\\"?Es",
        "{D![6W",
        "a)k(2YJ",
        ":p#3W",
        "o0!|WO",
        "<J0b^",
        "nu=[6?",
        "}fI|++",
        "!W?>,",
        "qx-9V2",
        "`]~^f",
        "v*p@$(",
        ".-}OZ",
        "'O :Z",
        "JrQKme",
        "0ivA@",
        "E/ZYC",
        "c\"mC9",
        "ExitThread",
        "E ;FP",
        "Qb:gyz",
        "_oS\\ ",
        "=AKY.",
        " [oc7",
        "prHJO",
        "az-AZ-Latn",
        "*ix0P",
        "hft\"S",
        "Ny'fj",
        "}1Bqpp1",
        "s:.Og",
        "[W*>n",
        "S:;-^x",
        "VJ9l)X!k",
        ")PF ~;9Z",
        "K)I:4",
        "]$#%By",
        "W49~qF",
        "Z\"S; ",
        "czJES",
        "xmqtw7",
        "?:IVr@Q",
        " =8\\\"^",
        "8z:}?",
        "dL!Z>",
        "nyn0j",
        "m?7m]",
        "e[<Abb[9&",
        "pl-pl",
        "i;dUE",
        "es-PY",
        "Dxtj{7",
        "?=T4B",
        "Used --programArgs: '%S'",
        "JA!,0",
        "LF@=:",
        "7!Iv(",
        "ul/H1",
        ".#m\"8",
        "z2]t@hM",
        "`q_~Q4",
        "*D3&7W2",
        "4IBHc",
        "fh<;mn",
        "k,feH",
        "T^5(i",
        "#0Ogf",
        "4tZ!n",
        "N!KLC",
        "<j&A6o",
        "HGD0e",
        "N:dR,",
        "L+AG(",
        "]1_O{",
        "?84L>",
        "+H!`]#",
        "\\B.?G",
        "e;g.|8",
        "Mf|^\"",
        "0^#L<P",
        "Q_PUlh",
        "&+]A8",
        "9m/]j",
        "x\";j@",
        "%~0l5",
        ",l>v!",
        "aqME9",
        "lZahp",
        "\"\"S/2",
        "3&von4#",
        "YqYRt4&",
        "B-sFx1",
        "4}H%<$$",
        "db$^w",
        "R(\\sQ",
        "%r)%3`",
        "^-CF*,B",
        "RdLx(",
        ".o=Aq",
        "$XB{$",
        "T=A->",
        "!}dWn",
        "U+|Rblk3",
        "r8f;u",
        "'Lo!6",
        "r@^9K",
        "TNkvK",
        "Launched extracted application exiting with result code: 0x%x",
        "w@XG\\",
        "qjlxr|b",
        "}p!)rW",
        "a)7I:",
        "-Mkse~i",
        "_-3XlK",
        "+VYS~",
        ">5>[>",
        "}V!U1",
        "z'h4[",
        "dhoqX^Ga",
        "GpV.<[",
        "X5>xg",
        "jrT@e",
        "uC=^Y.",
        "/;8_J,",
        ";i<|s",
        "^l\\)ZN",
        "{_b>_",
        "MmiHc",
        "Ne#2`",
        "mW`cr",
        "36LQp3",
        "n7:QS*",
        "UpPx$",
        "2hK'j",
        "7L40e",
        ", ip4",
        "l@\"ku",
        "Am\\Da",
        "0k7?=B",
        ".vCVS.0]",
        "VAbJH",
        "P>\\`2",
        "3s*'w",
        "7o01;",
        "vOZDM",
        "r%`e.",
        "G&|m#",
        "kdVM*",
        "^rzXt",
        "#B/~O",
        "Q-<rv",
        "g.4k0",
        "a-{B8e\"uT",
        "g$z6X",
        "D&^GD",
        "90Fi/\"[",
        "]A~7A8",
        "hi*#q",
        "qB(3$\"",
        "4IIa_",
        "v<q1Fu",
        "xx\\wP",
        "RoUninitialize",
        "Dmll0&",
        "3xzQC",
        "/[j{1",
        "9 xC;",
        "}F7'@",
        "$Q/\"n",
        "oAFTC",
        "it-it",
        "@:^q\\38",
        "0\\N`kJ",
        "dx,R4",
        "h,dT3",
        "^8>z2",
        "ld\\J]",
        "NgSlyM$",
        "=n@Fg",
        "g^KLTf#",
        "=`UH^#H,",
        "A7O=-",
        "99L!v",
        "(_Zak",
        "{A|rI",
        "C=+t#",
        "a0g*Kh9&",
        "`w'eS",
        "rvb`}_",
        "cRp|OM",
        "PFl3{",
        "g@hsi",
        "g1KU*C",
        "Fl3zG",
        "EKBdz1(",
        "Wx[G$",
        "21LR2m^",
        "TR/LiWD",
        "bF-Qpf=",
        "^BVHO",
        "c&~*V",
        ")`z:t",
        "rcu;T",
        "?SNfF",
        "D0^>uu",
        "2\\>lH ",
        "atan2",
        "'M9D>'",
        "d!C1\"",
        "879N9",
        "ppn3;eL",
        "N`lrM1A",
        "=(=H=T=t=|=",
        ":1_'6",
        "@B#ni",
        "v@z\\r",
        "7pcC|D",
        ":UwhM",
        "y1L\"v",
        "mr-in",
        "yQd9E",
        "6%CJ{_",
        "@bW]m",
        "L5=6<?",
        "FxV-;k)",
        "f&a$P",
        "g5F\\7[K",
        "^I2p,y24",
        "#x;P0:",
        "8F8i8v8",
        ",\\P*u5",
        "5=&,,z",
        "o#KW+",
        ")HlHA",
        "/a>f3",
        ";o&i_'",
        "krA,]",
        "j?1Hs",
        "<BWGW",
        "E5/f_",
        "rMvoP3",
        "s1-5 9\\ji",
        "[/|Xv",
        "$lOp>",
        "ifVyk",
        "% >ua}",
        "5r}'fH",
        "Lky/5",
        "0C:>o",
        "!G^zM-",
        "GetTempPathW",
        "1N9|1",
        "Visual Studio 2022",
        "T&^J!",
        "1(0&0",
        "\"`b+7",
        "/.Qv^T",
        "hG^pW!",
        "3mw$+",
        "Un0G=)X",
        "Z;Dv{",
        "hXA8{",
        "sVtX@k",
        "OeLp*i@Q",
        ">Uuh)($.",
        "#$\"$z",
        "_<;}f)<",
        "ko-kr",
        "rP(0jM",
        "K*hbT",
        "~uGB5",
        "4$9im/9",
        "Ks8H-;F",
        "JIW_M",
        "|2=^,U",
        "2nQHm}",
        "uzStXV",
        "'lKlM@",
        "(9\"nH",
        "*tKi~",
        "|xuXq",
        "F$)=_",
        "x 7\"p",
        "5i]j[=",
        "/P}x8<E",
        "=-f+Chc",
        "k[Aqq\\A",
        "HkGK'",
        "- \\S]",
        "9Y$9r",
        "O0M0K",
        "j=X25",
        "ZYVVCb",
        "@9_ uC9_",
        "^2@zGf]",
        "cKEwL8",
        "$:~a+",
        "hW\"le",
        "?>?K?",
        "4N>\\70",
        "?_=Ard",
        "f1Bx2@",
        "mE&ni",
        "Gjrx3",
        "Wit-^",
        "?gK,-",
        "($^Vc",
        "9#9mm",
        "6P#,X",
        "-k.!|",
        "!-lZq",
        "]FsC<~E",
        "u^GyDa",
        "z[4P%",
        "pbJJm",
        "EW9c>",
        "4xhG#",
        "-QSg^",
        "D2Gw7C",
        "Z=#S*",
        "s!=_E",
        "V\\ ^`",
        "_TDmi",
        "ye;!5v",
        "buqli",
        "TaKag",
        "}PNSH",
        "F}Y 3b",
        "w'\"&Q",
        "a$Szl",
        "#$j}__L3",
        "n],9a",
        "oa!==",
        "GG;ZP~",
        "~o0ZNj",
        "F6ml\"b",
        "dg|R`",
        "fy#P`",
        "?0~+5",
        "V!5!=",
        "$|M|/",
        "`t>||",
        "XjL|Q",
        "92~s)6",
        "t/<Nx",
        "cdaZSJ",
        "3<4K4,5Z7~9",
        "SmhiP6",
        "Jjf|m",
        "id-ID",
        "<)({$",
        "9N9`9",
        "^&Ch>",
        ";x&j9M",
        " +hg^",
        "X=--9x",
        "k!C03",
        "BZ[Rxa",
        "sN)W#",
        "t.JUm",
        "Sghv)D",
        "'s8-|",
        ".M8l1",
        "aH?dc",
        "I\"^t<m",
        "SqcRe",
        "nFWSb",
        "j=f.i",
        "e-g^6",
        "9ya~?}",
        ";x 0_",
        "B1IFuS{r",
        "en-cb",
        "v3E_2",
        "gv| G",
        "Failed to allocate memory for the temp path.",
        ")\\@R1",
        "OjC4RT",
        "\"-w-\\",
        "^,(H_rm-",
        "&%|%J",
        "PQ:|{>x",
        "h_R3:",
        "@PZnQi",
        "39vS'm",
        "%Ty<Nt",
        "_Z\\kH:",
        ": x'x`4",
        ">1T43j",
        ">jvwO",
        "`$QWZ",
        "h/(iTd",
        "MZ(Jtc",
        "z)X[:",
        "?%Vv,Ui&",
        "VFVfig\\",
        "Zl}*:",
        "\\*=wc5",
        "0@GCt",
        "(fSz{",
        "{t}'xv",
        "7^bP9",
        "@{]Ry",
        "&`^L)",
        "*JSCPB",
        "v1 4o:,j",
        "ZZlwenHp ",
        "yuQ5g",
        "7B7|7B:^:",
        "?Tvf.",
        "ZRl<(y",
        "x8,,7",
        "+uI0qd",
        "w4i52(",
        "vI7iGK",
        "hGbK>",
        "{xgNq",
        "hu=^?",
        "xDT!XNM",
        "Ru!\"lM",
        "O43BA",
        "_ZUuS",
        "US,C{",
        ";.^o3",
        "SuJlu",
        "_|z\\F",
        "floor",
        "t~He/r",
        "C<\\2O",
        "y8e+Cn",
        "G4Qm^",
        "yL[1 ",
        "Kt'%wkO",
        "3yc5!H,",
        "*svD%z",
        "1f-u#",
        "hD1frW",
        "HsM)Z",
        "/4S1C",
        "r]T0=@dM+",
        "f!cZ{%",
        "}c4:N",
        "8z)~U",
        "$gUo&",
        "<y2A\"",
        "k1&.  [1",
        "{@GOA",
        "@&':x",
        "wxGvz",
        "%>#rAH<k",
        "$8OoE",
        "(%hG`s",
        "X/8i3`",
        "(5\"Jd",
        "Microsoft Visual Studio Community",
        "MMH'3",
        "2}NR3*`",
        "yX>fQ",
        "0+c>^>",
        "^q_0G{O",
        "mhoXZ4",
        ";gtJL",
        "hlgop!J",
        "lv>jO",
        "b}%0\"V",
        "H)r#K#",
        "Xt>]sm",
        "z7LjV",
        ".)R*i7A:e",
        "z_1c_J>",
        "{gftN",
        "u=2X.",
        ")@`'[Bv",
        "M#1o^",
        "Failed to get progress bar control.",
        "z?gD ",
        "n{oS)",
        "\\n(kMXW~X",
        "UpXr]",
        "J97C@",
        "tEN,2",
        ";YAM#",
        "D6#*4|",
        ";Hn|Ap",
        "`}FR3A",
        "QpuB`",
        "!Gr[*N6|8",
        "W-5L&",
        "~ Y_\"",
        "*p7yAG",
        "eXR M",
        "#;o*FPHxV",
        "hC:gB8",
        "peAi[",
        "@tm5[n",
        "[q0X\\",
        ",_</y",
        "u>JwZE",
        "%i{iNt",
        "Aa%[F",
        ".M\\uF\"",
        "b7)( n",
        "XK'/$",
        "\\l\"5OW",
        "CzU2]k",
        "eCh|91",
        "PL?PyG.",
        "dlKOL",
        "3(nN6v",
        "P&E`z",
        "e-}?j ",
        "VyZC;",
        "|59v(",
        "}59\"k",
        "(k<o,",
        "dea$JV",
        "=*(6rx ",
        "J9U=+",
        "1k(? W)Z",
        "!M[T_J`YCz",
        "QUWo,",
        "R3<@R",
        ")Z'JB",
        "Uy_ee",
        "6S}M#-Q",
        "hW1S.",
        "{[~yT",
        "-~8'kI",
        "I;QQ2pv",
        "txEq m"
      ],
      "virustotal": {
        "error": true,
        "msg": "Unable to complete connection to VirusTotal. Status code: 429"
      },
      "executed_tools": [
        "msi_extract",
        "overlay",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "selfextract": {
        "overlay": {
          "extracted_files": [
            {
              "name": "99527643be8b5c8351218e5efb717618596f99cc2ec66891b98309e02b753770",
              "path": "/opt/CAPEv2/storage/analyses/60/selfextracted/99527643be8b5c8351218e5efb717618596f99cc2ec66891b98309e02b753770",
              "guest_paths": [
                "overlay"
              ],
              "size": 4032432,
              "crc32": "67EEF141",
              "md5": "59a0bf40acca7d54bfa2c5367756f1fb",
              "sha1": "bcd311425ac3483a71079635270574063b895010",
              "sha256": "99527643be8b5c8351218e5efb717618596f99cc2ec66891b98309e02b753770",
              "sha512": "bb070dbaa464aa5eb6f59087cc98d82573471819a57d0331aff917817e7ae472c77ac277ef3e225a6b9cb1540c96c4aa5da9478ed28d4e617dd74180baf8ecb4",
              "rh_hash": null,
              "ssdeep": "98304:YEveQQgZP2A+3CWGLAllEITi9cRZPPhYPB2vyoMEmLwJ:7v4S/kCWGOlEI29cXnhYsqCoK",
              "type": "data",
              "yara": [],
              "cape_yara": [],
              "clamav": [],
              "tlsh": "T13916339744E952D2E72134AABE9C137368F387F6C18C142BEA6D9F74162BB511F10B2C",
              "sha3_384": "c18b32eb3e389ea95cb541a632f91276a5911c9fa2dba16fd7029afead9f61b275f42ee9479b331aa4b9d9f4c4e6b4c0",
              "data": null
            }
          ],
          "extracted_files_time": 0.009224989998983801,
          "password": ""
        }
      },
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "CAPE": {
    "payloads": [],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-06-29 13:55:43",
    "ended": "2026-06-29 13:59:32",
    "duration": 229,
    "id": 60,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 60,
      "status": "stopping",
      "name": "win10",
      "label": "win10",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-06-29 13:55:43",
      "shutdown_on": "2026-06-29 13:59:31"
    },
    "package": "exe",
    "timeout": true,
    "tlp": null,
    "parent_sample": null,
    "options": {
      "vnc_port": "5900"
    },
    "source_url": null,
    "route": "internet",
    "user_id": 0,
    "CAPE_current_commit": "394455c2cd85889fb0782bfcf1f8c5c2f7f77b46"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 3412,
        "process_name": "vs_Community_1_.exe",
        "parent_id": 2892,
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe",
        "first_seen": "2026-06-28 21:56:14,308",
        "calls": [
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514aaa5",
            "parentcaller": "0x75149db4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514ab14",
            "parentcaller": "0x75149db4",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514ab4a",
            "parentcaller": "0x75149db4",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514aebc",
            "parentcaller": "0x7514ada2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514aeee",
            "parentcaller": "0x7514ada2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514af11",
            "parentcaller": "0x7514ada2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-28 21:56:14,511",
            "thread_id": "3636",
            "caller": "0x7514b11a",
            "parentcaller": "0x7514ae1f",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-28 21:56:14,527",
            "thread_id": "3636",
            "caller": "0x7514b11a",
            "parentcaller": "0x7514ae1f",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "3636"
              },
              {
                "name": "Module",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x7514ad65",
            "parentcaller": "0x75149db4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x7514ad6f",
            "parentcaller": "0x75149db4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x7514ad7b",
            "parentcaller": "0x75149db4",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x7514b9a2",
            "parentcaller": "0x7514b783",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ThemePropScrollBarCtl"
              },
              {
                "name": "Atom",
                "value": "0x0000c01b"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x7514b9a2",
            "parentcaller": "0x7514b783",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MicrosoftTabletPenServiceProperty"
              },
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x74236cbd",
            "parentcaller": "0x74246869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x75b8f11f",
            "parentcaller": "0x74236c84",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "LPK"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0049414e"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x75b8f11f",
            "parentcaller": "0x74236c93",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "GDI32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x75b9800a",
            "parentcaller": "0x74236ca3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "LpkEditControl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7502d440"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x75b9800a",
            "parentcaller": "0x74236ca3",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\\comctl32"
              },
              {
                "name": "BaseAddress",
                "value": "0x741c0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x742454e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "3636",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "4704",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "4704",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "4708",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "4708",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "4228",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "4228",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "2064",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-28 21:56:14,543",
            "thread_id": "2064",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0433",
            "parentcaller": "0x00ca04f2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0433",
            "parentcaller": "0x00ca04f2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0502",
            "parentcaller": "0x00ca062e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeCriticalSectionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ba35f0"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0433",
            "parentcaller": "0x00ca04f2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0433",
            "parentcaller": "0x00ca04f2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0502",
            "parentcaller": "0x00ca053f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ba8fd0"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca0502",
            "parentcaller": "0x00ca05f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsSetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b9b4a0"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9def",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeCriticalSectionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ba35f0"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-fibers-l1-1-0"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9cf0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75ba8fd0"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9d6e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b92e80"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9dad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsSetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b9b4a0"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00cab5d6",
            "parentcaller": "0x00ca777d",
            "category": "misc",
            "api": "GetCommandLineA",
            "status": true,
            "return": "0x04df24c8",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" "
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00cab5e1",
            "parentcaller": "0x00ca777d",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x04df1026",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" "
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9ac9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "LCMapStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b88930"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75130000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9aaf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AreFileApisANSI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151d80"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c9dae4",
            "parentcaller": "0x00c9da65",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c9db0b",
            "parentcaller": "0x00c9da65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f64d50"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c9db19",
            "parentcaller": "0x00c9da65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c33860"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c9db27",
            "parentcaller": "0x00c9da65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6a4b0"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c9e4c1",
            "parentcaller": "0x00c9df8e",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x00c9e4d0"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c8d8fe",
            "parentcaller": "0x00c891e2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c8d905",
            "parentcaller": "0x00c891e2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751506e0"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\cabinet"
              },
              {
                "name": "DllBase",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cabinet.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-28 21:56:14,558",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\COMCTL32"
              },
              {
                "name": "DllBase",
                "value": "0x740d0000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "imm32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x760b0000"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x740d0000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\version"
              },
              {
                "name": "DllBase",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\version.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rpcrt4.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75390000"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76320000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x754f0000"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8ec7e",
            "parentcaller": "0x00c8b93c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76090000"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8aa50",
            "parentcaller": "0x00c892dc",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x04df1026",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" "
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000024c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000024c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00087000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75659000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75659000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75659000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75659000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x05\\x00\\x00\\x00\t\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x80?\\xdf\\x044\\x0e\\x00\\x00\\x02\\x00\\x00\\x00\\xc8\\x1d\\xe0\\x04\\x10\\x08\\x00\\x00\\x02\\x00\\x00\\x00x\\x1c\\xe0\\x04\\x84\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\xf0!\\xe0\\x04d\\x12\\x00\\x00\\x02\\x00\\x00\\x00H!\\xe0\\x04`\\x12\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shcore"
              },
              {
                "name": "DllBase",
                "value": "0x755e0000"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\SHCore"
              },
              {
                "name": "BaseAddress",
                "value": "0x755e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x75622b30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c892dc",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8aa5e",
            "parentcaller": "0x00c892dc",
            "category": "misc",
            "api": "CommandLineToArgvW",
            "status": true,
            "return": "0x04df94f0",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" "
              },
              {
                "name": "NumArgs",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e0d8",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e0e8",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetTempPath2W"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8da79",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb2fe5",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb2ffb",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AcquireSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f42340"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb3010",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f424e0"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb31c4",
            "parentcaller": "0x00cb2fc2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cbd000"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb334a",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x740c0000"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb3418",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "version.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x740c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x740c15c0"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb31c4",
            "parentcaller": "0x00cb3201",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cbd000"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8f293",
            "parentcaller": "0x00c8dc57",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x000006fc",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb31c4",
            "parentcaller": "0x00cb2fc2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cbd000"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb3418",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "version.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x740c0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x740c15e0"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb31c4",
            "parentcaller": "0x00cb3201",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cbd000"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8f2dc",
            "parentcaller": "0x00c8dc57",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb31c4",
            "parentcaller": "0x00cb2fc2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cbd000"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb3418",
            "parentcaller": "0x00cb2f7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "version.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x740c0000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x740c1560"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00cb31c4",
            "parentcaller": "0x00cb3201",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00cbd000"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8dc87",
            "parentcaller": "0x00c8dab4",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-P54VDBR"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetSystemTimeAndBias"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f86f90"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x04dedb18"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b40000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000250"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000254"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x04dedb18"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b40000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-06-28 21:56:14,574",
            "thread_id": "3636",
            "caller": "0x00c8e82b",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8e83d",
            "parentcaller": "0x00c8e870",
            "category": "misc",
            "api": "SystemTimeToTzSpecificLocalTime",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c8dcc0",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:14] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "=== Logging started: 2026/06/28 14:56:14 ==="
              },
              {
                "name": "Length",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c8dce9",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:14] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "Executable: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe v17.14.37411.7"
              },
              {
                "name": "Length",
                "value": "81"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c8dcfa",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:14] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "--- logging level: standard ---"
              },
              {
                "name": "Length",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8bb84",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8f374",
            "parentcaller": "0x00c8c6ad",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000254"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c6d9",
            "parentcaller": "0x00c8bbe6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c72a",
            "parentcaller": "0x00c8bbe6",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000254"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x01\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x005\\xb6\\x1e:q\\xd7piq\\xd7piq\\xd7pi\\x95\\xa7sh{\\xd7pi\\x95\\xa7uh\\xe1\\xd7pi#\\xbfthb\\xd7pi#\\xbfshe\\xd7pi#\\xbfuh_\\xd7pi\\x95\\xa7qhb\\xd7piq\\xd7qi\\xbd\\xd7pi\\x95\\xa7thd\\xd7pi\\xdf\\xbeyh6\\xd7pi\\xdf\\xbephp\\xd7pi\\xdf\\xbe\\x8fip\\xd7piq\\xd7\\xe7is\\xd7pi\\xdf\\xberhp\\xd7piRichq\\xd7pi"
              },
              {
                "name": "Length",
                "value": "131072"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c702",
            "parentcaller": "0x00c8bbe6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e39000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c72a",
            "parentcaller": "0x00c8bbe6",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000254"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "^_\\xc3\\x90\\x8d4\\x0e\\x8d<\\x0f\\x83\\xf9 \\x0f\\x82Q\\x01\\x00\\x00\\x0f\\xba% \\x90C\\x00\\x01\\x0f\\x82\\x94\\x00\\x00\\x00\\xf7\\xc7\\x03\\x00\\x00\\x00t\\x14\\x8b\\xd7\\x83\\xe2\\x03+\\xca\\x8aF\\xff\\x88G\\xffNO\\x83\\xea\\x01u\\xf3\\x83\\xf9 \\x0f\\x82\\x1e\\x01\\x00\\x00\\x8b\\xd1\\xc1\\xe9\\x02\\x83\\xe2\\x03\\x83\\xee\\x04\\x83\\xef\\x04\\xfd\\xf3\\xa5\\xfc\\xff$\\x95`\\x0cB\\x00\\x90p\\x0cB\\x00x\\x0cB\\x00\\x88\\x0cB\\x00\\x9c\\x0cB\\x00\\x8bD$\\x0c^_\\xc3\\x90\\x8aF\\x03\\x88G\\x03\\x8bD$\\x0c^_\\xc3\\x8dI\\x00\\x8aF\\x03\\x88G\\x03\\x8aF\\x02\\x88G\\x02\\x8bD$\\x0c^_\\xc3\\x90\\x8aF\\x03\\x88G\\x03\\x8aF\\x02\\x88G\\x02\\x8aF\\x01\\x88G\\x01\\x8bD$\\x0c^_\\xc3\\xf7\\xc7\\x0f\\x00\\x00\\x00t\\x0fINO\\x8a\\x06\\x88\\x07\\xf7\\xc7\\x0f\\x00\\x00\\x00u\\xf1\\x81\\xf9\\x80\\x00\\x00\\x00rh\\x81\\xee\\x80\\x00\\x00\\x00\\x81\\xef\\x80\\x00\\x00\\x00\\xf3\\x0fo\\x06\\xf3\\x0foN\\x10\\xf3\\x0foV \\xf3\\x0fo^0\\xf3\\x0fof@\\xf3\\x0fonP\\xf3\\x0fo"
              },
              {
                "name": "Length",
                "value": "108544"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c702",
            "parentcaller": "0x00c8bbe6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e74000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c72a",
            "parentcaller": "0x00c8bbe6",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000254"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x03\\x00\\x00\\x00@\\x00\\x00\\x80\\x05\\x00\\x00\\x00\\xb0\\x00\\x00\\x80\\x06\\x00\\x00\\x00\\xd0\\x00\\x00\\x80\\x0e\\x00\\x00\\x00\\xf8\\x00\\x00\\x80\\x10\\x00\\x00\\x00\\x10\\x01\\x00\\x80\\x18\\x00\\x00\\x00(\\x01\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x01\\x00\\x00\\x00@\\x01\\x00\\x80\\x02\\x00\\x00\\x00X\\x01\\x00\\x80\\x03\\x00\\x00\\x00p\\x01\\x00\\x80\\x04\\x00\\x00\\x00\\x88\\x01\\x00\\x80\\x05\\x00\\x00\\x00\\xa0\\x01\\x00\\x80\\x06\\x00\\x00\\x00\\xb8\\x01\\x00\\x80\\x07\\x00\\x00\\x00\\xd0\\x01\\x00\\x80\\x08\\x00\\x00\\x00\\xe8\\x01\\x00\\x80\t\\x00\\x00\\x00\\x00\\x02\\x00\\x80\n\\x00\\x00\\x00\\x18\\x02\\x00\\x80\\x0b\\x00\\x00\\x000\\x02\\x00\\x80\\x0c\\x00\\x00\\x00H\\x02\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x81\\x00\\x00\\x00`\\x02\\x00\\x80\\x82\\x00\\x00\\x00x\\x02\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x01\\x00\\x00\\x00\\x90\\x02\\x00\\x80\\x02\\x00\\x00\\x00\\xa8\\x02\\x00\\x80 \\x00\\x00\\x00\\xc0\\x02\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "190520"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c7fb",
            "parentcaller": "0x00c8bbe6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e18000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d7000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8bdb2",
            "parentcaller": "0x00c89dc6",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000258"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8f374",
            "parentcaller": "0x00c8cc9e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000258"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "8\\x90\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8cd48",
            "parentcaller": "0x00c8bde8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000258"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x03\\x00\\xc5\\xb0\\x19\\x7f\\xc3\\xb7\\x17\\xba\\xacF\\x86t\\u\\x80\\xd1\\x8a^\\x01\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "108"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8c5ea",
            "parentcaller": "0x00c893fb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8b9e8",
            "parentcaller": "0x00c8943a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              },
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8ba04",
            "parentcaller": "0x00c8943a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "release"
              },
              {
                "name": "Data",
                "value": "528372"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\release"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8ba24",
            "parentcaller": "0x00c8943a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8e11e",
            "parentcaller": "0x00c8b1ad",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-06-28 21:56:14,590",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000258"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000258"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\cryptsp.dll"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000250"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740b0000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740af000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740af000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740af000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740af000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x740a0000"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\cryptsp"
              },
              {
                "name": "BaseAddress",
                "value": "0x740a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x740a5d30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x756e3000"
              },
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x756e3000"
              },
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x74070000"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74070000"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-06-28 21:56:14,621",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x769d0000"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-06-28 21:56:14,636",
            "thread_id": "3636",
            "caller": "0x00c8b71b",
            "parentcaller": "0x00c8b5b3",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": ""
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-06-28 21:56:14,636",
            "thread_id": "3636",
            "caller": "0x00c8b75e",
            "parentcaller": "0x00c8b5b3",
            "category": "crypto",
            "api": "CryptGenRandom",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\x05\\x17u\\xd1\\x9d\\xef\\xbd$\\xb8\\xdc\\x82\\xad(*\\x8f\\x1b"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-06-28 21:56:14,636",
            "thread_id": "3636",
            "caller": "0x00c8b0a0",
            "parentcaller": "0x00c89456",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-06-28 21:56:14,636",
            "thread_id": "3636",
            "caller": "0x00c8b844",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-06-28 21:56:14,636",
            "thread_id": "3636",
            "caller": "0x00c8b861",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "DecryptFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x756a23f0"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-06-28 21:56:14,636",
            "thread_id": "3636",
            "caller": "0x00c8b880",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\iertutil"
              },
              {
                "name": "DllBase",
                "value": "0x73e00000"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8b880",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\feclient"
              },
              {
                "name": "DllBase",
                "value": "0x74030000"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8b880",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "feclient.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74030000"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8b880",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74030000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "feclient.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8b880",
            "parentcaller": "0x00c89456",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "feclient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74030000"
              },
              {
                "name": "FunctionName",
                "value": "FeClientInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74044d80"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8b880",
            "parentcaller": "0x00c89456",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c8b0f6",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:14] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "Directory 'C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\' has been selected for file extraction"
              },
              {
                "name": "Length",
                "value": "114"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8bdb2",
            "parentcaller": "0x00c89fb6",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000254"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000274"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8f374",
            "parentcaller": "0x00c8cc9e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000274"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "8\\x90\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8cd48",
            "parentcaller": "0x00c8bde8",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000274"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x03\\x00\\xc5\\xb0\\x19\\x7f\\xc3\\xb7\\x17\\xba\\xacF\\x86t\\u\\x80\\xd1\\x8a^\\x01\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "108"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8a628",
            "parentcaller": "0x00c894b4",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000027c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x00c8a7f0"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "5088"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8a628",
            "parentcaller": "0x00c894b4",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000027c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x00c8a7f0"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5088"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "3636",
            "caller": "0x00c8a64c",
            "parentcaller": "0x00c894b4",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "5088",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "5088",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-06-28 21:56:14,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x73d80000"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73d80000"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73d80000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73db4330"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf5D\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0>\\xdbs\\x96\\x88\\xae\\xde"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000294"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000294"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000298"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000029c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000029c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000d3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a3000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a3000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a3000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a3000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\xdf\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\xdf\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\xdf\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\xdf\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\xdf\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\xdf\\x04"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x768e0000"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x768e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7692dfc0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a4"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000298"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\2\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000298"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0944ea84"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Windows\\Theme4054054479"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\2\\Windows\\Theme738112361"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09450000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0944f110"
              },
              {
                "name": "ViewSize",
                "value": "0x000e2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-06-28 21:56:14,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0944f110"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000298"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x741c0000"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74213530"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000268"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000268"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74370000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74370000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x741c0000"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74213530"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 2,
            "id": 293
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x741c0000"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741c0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74213530"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-06-28 21:56:14,683",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 5,
            "id": 305
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 311
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "SystemBasicInformation"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002bc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cfc000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf9000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf9000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf9000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf9000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x74cf0000"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x12b4fa01",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x74cf47e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75442000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75442000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49245"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49246"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 1,
            "id": 347
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.Asm.MutexDefault2"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\CTF.AsmListCache.FMPDefault2"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0944e5a4"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 1,
            "id": 357
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 358
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 360
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "8192"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "MutexName",
                "value": "CicLoadWinStaWinSta0"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.CtfMonitorInstMutexDefault2"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-06-28 21:56:14,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 366
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 375
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 1,
            "id": 391
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00080000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e2d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-06-28 21:56:14,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000b9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73d6e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73d6c000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73d6c000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73d6c000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0027e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73c5a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73bad000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73bad000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73bad000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "wintypes.dll"
              }
            ],
            "repeated": 2,
            "id": 427
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x739a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0009b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a24000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a06000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a06000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a06000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73970000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73995000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73993000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73993000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73993000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-06-28 21:56:14,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002d4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\WinTypes.dll"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73890000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000db000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73952000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73950000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73950000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73950000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 1,
            "id": 467
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73d6c000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a06000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73993000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73950000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73bad000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc4\\xecD\t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\xe9\\xe2\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x73970000"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x739a0000"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x73890000"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x73a40000"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x73cc0000"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\ntmarta"
              },
              {
                "name": "BaseAddress",
                "value": "0x73970000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73977e90"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\CoreMessaging"
              },
              {
                "name": "BaseAddress",
                "value": "0x739a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73a00f00"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\WinTypes"
              },
              {
                "name": "BaseAddress",
                "value": "0x73890000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73908590"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ab3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ab4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ab6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000030c"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08450000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08450000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\CoreUIComponents"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a40000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73a9e960"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\TextInputFramework"
              },
              {
                "name": "BaseAddress",
                "value": "0x73cc0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73d00690"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 494
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000318"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000318"
              },
              {
                "name": "ValueName",
                "value": "EnableAnchorContext"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-06-28 21:56:14,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\USER32.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 1,
            "id": 500
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-06-28 21:56:14,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000068"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000006c"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000026"
              },
              {
                "name": "uiParam",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000103e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-06-28 21:56:14,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000001b"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74370000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74370000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 1,
            "id": 532
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:64:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000031c"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000324"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0944f1b4"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 538
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ValueName",
                "value": "TurnOffSPIAnimations"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d8"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "L\\xeeD\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00@K_t\\xac\\xdfgt4\\xb9\\xf8\\x06\\x18\\xebat\\xf0\\xeeD\t\\x00\\x00\\x00\\x00`\\xeeD\t\\x00\\x00\\x00\\x00\\x1c@\\xe5\\\\xe4\\xe9D\tT\\xefD\t"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "TurnOffSPIAnimations"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 551
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000109",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "KeyInformation",
                "value": "x\\x7f,\\xffc9}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00C\\x00\\x00\\x006\\x00\\x00\\x00\\xff84\\x03\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 693
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "Disable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002dc"
              },
              {
                "name": "ValueName",
                "value": "DataFilePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-06-28 21:56:14,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "Buffer",
                "value": "\\x1a\\x83W\\xa5\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00$\\x01\\x00\\x00$)\\x00\\x00\\x00\\x00\\x02\\x00\\xbe\\x02\\x00\\x00<\\x00\\x00\\x00$!\\x00\\x00L)\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "60"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000328"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000328"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0944da30"
              },
              {
                "name": "ViewSize",
                "value": "0x01260000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e53000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000330"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000330"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00094000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73881000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73881000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73881000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73881000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-06-28 21:56:14,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\TextShaping"
              },
              {
                "name": "DllBase",
                "value": "0x737f0000"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\TextShaping"
              },
              {
                "name": "BaseAddress",
                "value": "0x737f0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7387f2b0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74f43000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74f43000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 724
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane2"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SimSun-ExtB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2"
              }
            ],
            "repeated": 1,
            "id": 727
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane7"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane10"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane11"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane13"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane14"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane15"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": "Plane16"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 743
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000109",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb4\\xfff3\\xff9a~\\xffe3\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x18\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000032c"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000032c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "MS Shell Dlg 2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MS Shell Dlg 2"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c8a0cb",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:14] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "Extracting files to: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
              },
              {
                "name": "Length",
                "value": "85"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-06-28 21:56:14,824",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-06-28 21:56:14,840",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-06-28 21:56:14,840",
            "thread_id": "3636",
            "caller": "0x00c913ee",
            "parentcaller": "0x00c90036",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-06-28 21:56:14,840",
            "thread_id": "3636",
            "caller": "0x00c8d617",
            "parentcaller": "0x00c901c2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-06-28 21:56:14,840",
            "thread_id": "3636",
            "caller": "0x00c8f374",
            "parentcaller": "0x00c8d667",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa4\\x90\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 760
          },
          {
            "timestamp": "2026-06-28 21:56:14,840",
            "thread_id": "3636",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "7z\\xbc\\xaf'\\x1c\\x00\\x03\\xc3\\xef\\xefuk_=\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbf\\xdc\\xb4 "
              },
              {
                "name": "Length",
                "value": "32"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-06-28 21:56:14,840",
            "thread_id": "3636",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x110\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "/\\xf0C\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x17\\x06\\xe0.Z=\\x01\t\\x85=\\x00\\x07\\x0b\\x01\\x00\\x01#\\x03\\x01\\x01\\x05]\\x000\\x00\\x00\\x0c\\xa4\\x97\n\\x01M\\xa9\\xcfj\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "37"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf2\\xeaC\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x813\\x07\\xaem\\xc9t/\\xcfE\\xf7\\x1f\\x99\\xe4\\xea\\x1d\\xd4\\xc9\\xd3\\xeeO\\x01M\\x90X\\x05aqR'\\xeb\\x1b\\xb9N}\\xe1\\xa1\\xdb\\xed\\xb5\rS\\xe5Q\\xe4\\x1a\\xe0N\\xdb\\x19p\\xb0\\xdf\\x0f\\xdc\rs\\xd4\\xc3F\\x14\\xd6\\xacqfO4\\xe8\\xc9\\xc7Z2l\\x07\\x96[\\xfb\\x0c\\xb7>P]\\xaa\\x85\\x1df\\x87\\xffmah\\xaaRQ:\\x93\\x8b\\x14H\\xd3\\x10\\xffW\\x94W\\x03\\x18\\&\\x9c0O\\x19\\xb0Up_6\\xe5\\x87\\x15dPC\\x91\\xbc\\x93\\xf4F\\x97\\xe1\\x83\\xf2\\x8aT>\t\\x8f3\\xe0>\\xcd\\x1f\\xbar\\x96m#\\xd3\\xf9\\x92.\\x14\\x96\\x94\\xb2]\\xc7\\xdf\\x07\\x07\\xaa|]r\\x9d\\x9c\\xc1V\\x0f\t\n\\x14^\\x8e\\x84\\x95\\xf8Iz\\xf6\\xf6\\x18-8@\\xf3m\\xa6\\xb5n\\x9eM\\xc5\\x10p\\x08GJ\\x8b2\\xa4\\x95\\x83\\x1a\\xac\\xcb\\xfeW\\xda\\xd1=\\xe2\\x8a*\\x8d\\xddX\\xa3\\xf7\\xd5'_{k\\xe0',6\\xd8\\x9a\\x05\\xfe`bX\\x1e\\xcf\\xa4\\xc3\\xde\\x99\\xd0\\xc6\\xb5\\xc5\\xdbkT5%\\xe0\\xd8\\xcb"
              },
              {
                "name": "Length",
                "value": "1341"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010b000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00ca7d88",
            "parentcaller": "0x00cb3b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00ca7d32",
            "parentcaller": "0x00ca7863",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0af90000"
              },
              {
                "name": "RegionSize",
                "value": "0x01002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0bf91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00110000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0bfa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0bfa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0cfac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0cfb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0cfb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d0ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00061000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d0c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d0c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e0ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e0d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00102000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e1d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00cb430b",
            "parentcaller": "0x00c9c998",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000035c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x00cb4160"
              },
              {
                "name": "Parameter",
                "value": "0x04e14da8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4660"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00cb430b",
            "parentcaller": "0x00c9c998",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000035c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x00cb4160"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "Parameter",
                "value": "0x04e14da8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4660"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00cb430b",
            "parentcaller": "0x00c9c998",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x00cb4160"
              },
              {
                "name": "Parameter",
                "value": "0x04e150e8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4948"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00cb430b",
            "parentcaller": "0x00c9c998",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000036c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x00cb4160"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "Parameter",
                "value": "0x04e150e8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4948"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00cb430b",
            "parentcaller": "0x00c9c998",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000037c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x00cb4160"
              },
              {
                "name": "Parameter",
                "value": "0x04e150c8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2108"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00cb430b",
            "parentcaller": "0x00c9c998",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000037c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x00cb4160"
              },
              {
                "name": "ModuleName",
                "value": "vs_Community_1_.exe"
              },
              {
                "name": "Parameter",
                "value": "0x04e150c8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2108"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e5a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e5a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e6ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ebc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e6b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e6b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e7be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d5b5",
            "parentcaller": "0x00c9049c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ecd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "~:B\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x02\\x03\\x13j\\xcdw\\x0bIL\\x00\\x10\\x93\\x8d-\\xc7\\xccQ\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x008Cl\\xf4\\x00\\x00\\x00\\x00\\xc9}\\x86\\x1e\\x0f\\x9f\\xaefm\\xc9\\x18t\\x0b\\xc7\\xf5\\xf7L=\\xee\\x9c~\\xa24E\\xbd\\xa4\\xfd\\x96a\\xc4J\tN\\x99\\xfc\\x06\\x8e\\xe7r\\x8c\\x14\\x88\\xbe\\xbc\\xfd\\x15\\xe1\\x82B\\x96\\xe0'G\\xe4\\x92C\\xecE\\x9a\\xea\\x9a\\x9b\\x00\\xe9[L\\xb6\\xfc\\x14\\x0b\\x04l\\xde\\xa1\\xc7\\xee\\xceLg!\\xd7\t\\x17l\\xc4\\xf9\\x93=N\\xcc\\xfe\\xd3\\xc0\\x03F~\n\\xa0@5\\xfd\\x0c\\xef\\xc0)\\xed8,\\xab\\xe4\\x18(\\xd6\\xd1]\\xf9?\\xecl\\xdf\\xdd\\x07\\xb8\\x8b\\x17\\xd7\\xdcHh\\xbd\\xe6\n\\x10\\xc9\\x05H\\x01\\x00\rb#s\\xe2\\x81\\xe6\\x96\\xa9P\\x11?\\x85(\\xfd"
              },
              {
                "name": "Length",
                "value": "5151"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "4660",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "4660",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "4660",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf0000"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "4660",
            "caller": "0x00ca9b2b",
            "parentcaller": "0x00ca9bf4",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74cf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "4660",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9c91",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetThreadInitializationType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3a60"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-06-28 21:56:14,855",
            "thread_id": "4660",
            "caller": "0x00c9c902",
            "parentcaller": "0x00cb41b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-06-28 21:56:14,871",
            "thread_id": "4660",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xedfC\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-06-28 21:56:14,871",
            "thread_id": "4660",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x01\\xd5t\\x19\\xba\\xcf>\\xaey\\xe5\\xb7t\\x04k\\x9a\\xae\\x07\\xe8\\x02\"\\x0e\\xb2'\\x9d\\xc6\\xcbC\\xff\\x92\\xcc\\x93Ft\\xd2LR\\x8f\\xf7a\\xcf\\xb3\\xbcX\\x9a\\xbe\\xaa\\xdb\\xfaW\\xea\\xe7\\xf9\\x84dM\\xd7\\xcb}n|\\xc8sQ\\xf9=\\\\xef\\x87\\xda\\xac\\x9a\\xe8\\xd7NjF\\x82-1\\xcbp\\xd3\\xb3\\xdb=\\xe1\\x04\\xbf\\xf9\\x94\\x13P\\x012\\x92p\\x12\\xa8]o\\xcc\\x1c\\xf5\\xc1*\\xff\\xc9c\\x8b\\xd7\\xa3;\\xe2\\xb2\\x0c\\x1f\\xf3h\\xd1\\x1bZ3n\\xd5u\\xfe\\xff\\x8a\\x03\\x01\\x91\"\\x89\\xd6\\xa5r8\\x900\\xcc)\\x97h[p\n\\x16\\xcc\\x13/\\xcf\\xd4\\xaa'iP*04\\x82@t\\xc5\n\\xc0 \\x97\\xba&\\x175jh\\xabwe\\xec\\xfb\\x17)\\x1a\\xf3\\xccn\\x10\\x01\\xf8\\xc3k\\xa6:+\\x1dW4\\xad\\x18\\xacJ2\\xe1\\x87\\xff\\x8c\\xf5<\\xd5\\x16\\xb2[H\\x19\\xbe\\x03\\xbf\\xee*\\xd3\\x03M\\x04\\x89\\x82\\xde\\xed\\x87\\x9f\\xe75*\\x9d\\x01\\x12r?\\x07\\x1cq\\xe7\\xc1\\x93Y\\x12\\x88ZP\\xb1\\xb3\\xcb\\xfah}\\xe9\\xe0"
              },
              {
                "name": "Length",
                "value": "33797"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-06-28 21:56:14,871",
            "thread_id": "4948",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-06-28 21:56:14,871",
            "thread_id": "4948",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-06-28 21:56:14,871",
            "thread_id": "4948",
            "caller": "0x00c9c902",
            "parentcaller": "0x00cb41b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-06-28 21:56:14,871",
            "thread_id": "4948",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x9dNB\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-06-28 21:56:14,886",
            "thread_id": "4948",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x02\\x9b\\x9a\\x19-\\x98\\x96R\\xc0\\xda5\\xdd\\xf9\\xcdP\\xac\\xcd\\xce\\xc7\\x8c\\xfa^Kh\\x06[[\\x1f\\xe7\\x1ej4hs\\xc2\\xdf\\xb1\\xcd;\\xbd\\xcf\\x0e\\x15\\x1b\\xf8\\\\xa0\\xaa\\x15\\x92]0z'&\\xa2\\xcd\\x04\\xd9S\\x1d\\x90nrQ\\x0b\\xbe\\xff\\xecZQ\\xc0\\x84S\\x1cN&|W\\xe7[M\r\\x13y\\xab{\\x893\\x0b\\xb4\\xbc\\xb4\\xeb?\\xe8:[\\x9f\\xd3'\\x1b\\x0c/vlL\\xea\\xcahR\\x01\\xd5\\xa5dU\\xf1\\xc7\\xd5\\x9e\\x9c\\xfe;m\\xaaE\\xf5\\xe7\\x11\\xd7X\\xe1d\\xe78\\xed~&K(\\xab\\xae\\xb0\\xa5JJ\\xf1\\xf1\\x94\\xb1\\x82\\xc6tq\\xd2P\\xa0y\\x84.\\x98\\x01\\x98\\xdb\\xf1Rr\\xf5K`\\xda\\xcc\\xb7\\xe7\\xfeoG\\x15;\\xec\\x15\\x84\\xbd1\\xb4\\x92z\\xb1O\\xda\\xa0\\xfc\\xa3\\xfa\\xe5'A\\xaf\\xd6q\\x1b\\x99X]\\x1c\\x0f6\\x91}\\xaa\\x17\\xdeY\\x04\\x1fH\\xf4A\\xc5\\x11\\xfb\\xa4\\xad\\\\xab\\xa44\\xee\\xffq\\xbfF\\xeb\\xbb\\xfa\\x92\\xa2\\xe4\\xd2\"x\\xf2\\x1aO14\\xd4j\\xaeJP\\xa4p\\xe4"
              },
              {
                "name": "Length",
                "value": "71760"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-06-28 21:56:14,886",
            "thread_id": "2108",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-06-28 21:56:14,886",
            "thread_id": "2108",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-06-28 21:56:14,886",
            "thread_id": "2108",
            "caller": "0x00c9c902",
            "parentcaller": "0x00cb41b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-06-28 21:56:14,886",
            "thread_id": "2108",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x110\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-06-28 21:56:14,886",
            "thread_id": "2108",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x00w\\xae\\xd4\\xa2\\xfe\\x1bJ\\xbfg|E\\xb0\\x81V\"`WQ\\xc61\\xa6\\xbe\\xbf\\xf3\\x88z\\x18\\x7fni\\xfc\\xf7\\xe6\\xd2\\xe9\\x12\\xf2\\x9d\\x02\\xb5H\\xd1\\xa2g\\x92\\xfb\\xec\\xe8\\x14\\xf1\\xc93\\xd6|t$x\\xf8$\\xaa\\xba\\x13\\xa6\\xbcch%\\xe0\\x8dc9\\x10=#9=T\\xd2\\xc6\\x93hbt\\x04\\xf01>\\xfb(\\x0c\\x1d\\x84g\\xdd.\\xfa\\x7f\\xf4\\x10\\xe68\\xc07\\xce:\\xfa]/\\x8d\\xb0\\x17\\x81e\\x90\\x90u \\x00\\xe0\\xf0\\xbb\\xc0\\x16\\xa8\\xcf\\xa0\\xd6\\xb1=\\xbd\\xc8I\\x8aC\\xe6\\xe0\\xfd\\xe7\\x8b\\xfb\\xac\\x06\\xb1=\\xf6\\x9e\\xe0}\\xfa'W\\xb0Z\\x1c\\xa9\\xed\\x8cM\\@\\xffo\\x8fQ-sg\\x13\\x12\\x0b\\x11\\x0ea\\x10\\x19!\\xd7\\xe1\\xc7\\xf8l#\\xc6\\xe1\tL\\xb2\\xd7(\\x179\\xfb@\\xbbq\\x99\\xa1PTA\\xef6u\\xf8g\\xc9\\xa9$\\xfe\\x07\\x07s\\xbfo\\xe7\\xe7\\xaa\\xde@\\x1a\\x87\\xb9z\\xff\\x816\\xc4M\\x90/\\xe5\\xa6\\xc7\\x9fjn\\xf3dv\\x10?g\\xfa\\xa0\\xab\\xd4\\xa7Ez\\xeaJ\\x07\\x84$\\xac"
              },
              {
                "name": "Length",
                "value": "1048576"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-06-28 21:56:14,933",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-06-28 21:56:14,965",
            "thread_id": "2108",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x110\\x16\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-06-28 21:56:14,965",
            "thread_id": "2108",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x87\\xa7\\x15\\xc0\\xe8.T\\xe2\\xf2\\xea?'\\xc3(8'T\\xfe\\xd2\\x02T\\xf7\\x13\\x8c\\xc0\\xe1\\x0e\\x90\\xe1\\x11\\xcf\\xc2\\xc2)\\x95\\x98\"\\x01\"]\\xfa\\xb1\\xb4\\xe8\\x82`\\xbe\\x04Lj4\\x92\\xe0\\x0fY.\\xf8\\xafpX\\xa0 \\x95h<\\xffB`a\\x16\\xb8\\xd4\\x85L\\xb0\n.s\\xd2\\xc2\t(\\xae5\\x1c}\\xef\\x9b\\x04\\xe8F\\xd4\\xf5\\x0e(qJ\\xb6\\xefH\\xbf- \\xf9(\\xc8\\x04M\\x88\\xc6\\xbcy\\x9b\\xfa\\xff\\xf6\r\\xd5\\xd3\\xe2\\xddso\\xe8>S\\x8fc\\x07T\\xd9\\xb0:I\\xf7\nL[\\x82\\x93vV.??\\xb6\\xb8\\xd8\\xc5\\x7f\\xafR\\x80\\xfcO\\xf2\\xb4,\\x91\\xa8H\\xde\\xbc\\x81\tiP\\xf0\\x02\\x83d\\xa4\\xc1\\xae\\x11\\xf3A\\x9fJ\\xa7(\\x0f\\x8b\\xa1\\xeb\\x06\\x9c\\xc6\\xff6\\x17`}?\\xa1\\xc0\\xd1\\xec\\xbe\\xf1\\xe6`\\xee\\xae\\xb4\\xa1\"\\xd3\\xbb)\\xf6.\\xef\\xb1T\\x0f\\xeb\\xae9\\xa2@j.\\xda\\x0fw\\xfd\\xb9\\xcc>\\xce\\xc7\\xc1\\x8c8<n\\xa38\\xac\\xd28\\xf8\\xc4\\xe0F\r\\xcf\\x87sx\\x1b6\\xf0z?"
              },
              {
                "name": "Length",
                "value": "1048576"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-06-28 21:56:14,980",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 831
          },
          {
            "timestamp": "2026-06-28 21:56:15,074",
            "thread_id": "2108",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x110&\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-06-28 21:56:15,074",
            "thread_id": "2108",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "}\\x13\\xa0S\\xc8~\\x97\\xbdP\\x16\\xf12\\x8c\\x9d\\x80\\xf8B\\x8f\\xad\\x99\\x01\\x13\\x87IW\\x9a*\\x03\\x8b^\\xc3\\xe2\\xe7{\\xe1\\xba,\\xc5\\xb9\\xa7\\xf8\\xe1WpP\\x96\\xf9\\xfc\\xef\\x1f\\xc2\\xaek\\x8e\\xe2\\x1e\\x876\\xa1?\\x1c1N\\xc3\\xa5\\x0b\n3\\xd6\\xc0z\\xf3\\xf7\\xb79\\xf2x\\x1c\\xd1\\xe6G\\x0b\\xd4\\x93F\\x13\\xcd\\x1c+F\\xb9\\xb5\\xfc\\x06\\xf5)\\x17OE\\xed\\x06\\x8de\\xb0\\x93\\xcdW\\xbc\\x9a\\x8e\\x10\\xe3\\x139\\xa2\\xb3\\x16\\xa7\\x8f\\x9a8\\xaf\\xb8\\x02\\xbb\\x0b$u\\x9c\\xf5\\x15N\\x003\\xc9(\\xaf\\xe0\\xc0 \\xd7)98\\xd48\\xc6Q\\\\xba\\xdd\\xd73\\xe8\\x81(B\\x81t\\x1c\\xff3\\xef\\x05>\\x95\\xf9EK7X\\xa1!\\\\xed0\\xda\n[\\xb5\\xf6G7aZ\\xdd\\xb3\\x81\\x12\\x7f\\x80\\xf7d\\xaa\\xf34k@\\x88\\xa9\\xc3\\x1b\\x80\\xe5\\xf5\t\\x9d(\\xd4\\xcb\\x9d\\xb5\\xc6\\xa2\\xb5\\xcc\\xd7\\x99\\xf8g\\xb0Mg\\xc9\\xe8Z\\xb8\\xd4\\xa9\\xb6\\xc11~/\\x98F\\xfb\\xe5\\x10\\xcdPC_Z\\xdf\\x1e\\x94\\x05\\x11&\\x17\\x16\\xa6\\xb0\\xfd\\x7f"
              },
              {
                "name": "Length",
                "value": "1048576"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-06-28 21:56:15,074",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 3,
            "id": 834
          },
          {
            "timestamp": "2026-06-28 21:56:15,168",
            "thread_id": "2108",
            "caller": "0x00c8d7d7",
            "parentcaller": "0x00c8f669",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x1106\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-06-28 21:56:15,168",
            "thread_id": "2108",
            "caller": "0x00c8d6b1",
            "parentcaller": "0x00c8f5c2",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000032c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x99!\\xaeS\\x94\r\\x96\\xa6\\x1f*\\xc3-\\x00;FU\"\\x1cf\\xcf\\xa5q\\xb5\\xb0\\x83\\xf0\\x8f\\xe2\\xf8\\x0b>D\td\\xb5\\xb7\\x12\\xb7sO\\x0e\\xd1\\x89\\xc0\\xaa\\x12\"Pk\\xba\\x8f\\xde\\xe2\\xa5\\x9f=C\\x154\\x90\\xa0/\\xa6\\xc2d\\xde\\xd0gG+Hy\\xa9L\\xb0\\xd6a\\x8c\\x8d\\xc0m\\x916\t\\x9a;JV\\x86\\x97\\xe5\\xd6\\x9e0\\xfb\\x92x2'\\x16<\\x19\\xab\\xb8\\xf2,-\\x02\\xd0\\xc4\\xf3\\xf48^\\x0e\\x02\\x1f\\xab\\xa8\\x83\\x1b\\xe6\\xad^A\\xdb\\x05\\xae\\xa8\\x8e\\x9a\\xb2\\xd8}\\x1dM\\xa6\\xbcvZ\\x01R\\x8bo\\x9b\\xeb\\x15U\\xb6v+\r;\\x90\\xf3\\xebT\\x83f\\xe5<\\x1ab\\xa0\\xfc\\xf0\\x88\\xc4\\xc7pGO\\x01\\x8e!!\\xb9\\xa1\\x06f\\xadB\\xbd\\xde\\xf0\\xce\\xcc\\xb1\\xc1\\xbb\\xf3\\x99'\\xe3)\\x13\\xf5\\x1f\\x9a&\\x82_\\xe2Wxk\r'\\xc6\\xb1@\\xccN\\xb6:\\x8e\\x01\\x06\\x04\\xfa)vR\\xb9\\xb1\\xb9\\x08 \\xe3K\\xc0\\xa7\\x7f%1\\x014\\x9f\\xe3\\xfd}\\x88\\x8e\\xea\\xbc\\x84\\xbc\\xcf\\xac\\xe2\\xbbJ\\xf5\\xc3\rC"
              },
              {
                "name": "Length",
                "value": "764346"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-06-28 21:56:15,215",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "3636",
            "caller": "0x00c8e1a7",
            "parentcaller": "0x00c8a431",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ede000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "5088",
            "caller": "0x00c8a997",
            "parentcaller": "0x00c8a80b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "5088",
            "caller": "0x00c8a997",
            "parentcaller": "0x00c8a80b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-06-28 21:56:15,230",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "S]\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 854
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "S]\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "S]\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "23891"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-06-28 21:56:15,246",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-06-28 21:56:15,261",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-06-28 21:56:15,261",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-06-28 21:56:15,261",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-06-28 21:56:15,261",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-06-28 21:56:15,261",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-06-28 21:56:15,261",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000390"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "!^\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 869
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "!^\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "!^\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "24097"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-06-28 21:56:15,277",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-06-28 21:56:15,293",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-06-28 21:56:15,293",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80_\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 883
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80_\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80_\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "17548"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "Buffer",
                "value": "gt;</code></td>\r\n                    <td>Y\\xfckleyicinin renk temas\\x131n\\x131 de\\x11fi\\x15ftirir. De\\x11ferler A\\xe7\\x131k/Koyu/HighContrast olabilir.\r\n                    </td>\r\n                </tr>\r\n                <tr>\r\n                    <td><code>--wait</code></td>\r\n   "
              },
              {
                "name": "Length",
                "value": "6900"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-06-28 21:56:15,308",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000398"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x93c\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 900
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x93c\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-06-28 21:56:15,324",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x93c\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "25491"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "/d\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 914
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "/d\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "/d\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "25647"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-06-28 21:56:15,340",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0d\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 929
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0d\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0d\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "7498"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "Buffer",
                "value": "loads</code></td>\r\n                    <td>Installiert alle Workloads und Komponenten, aber keine empfohlenen oder optionalen Komponenten.</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><code>--includeRecommended</code></td>\r\n  "
              },
              {
                "name": "Length",
                "value": "18278"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-06-28 21:56:15,371",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-06-28 21:56:15,386",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-06-28 21:56:15,386",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-06-28 21:56:15,386",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-06-28 21:56:15,386",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-06-28 21:56:15,386",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-06-28 21:56:15,386",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "$o\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 945
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "$o\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "$o\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "28452"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-06-28 21:56:15,402",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-06-28 21:56:15,418",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-06-28 21:56:15,418",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-06-28 21:56:15,418",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-06-28 21:56:15,418",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-06-28 21:56:15,418",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "6X\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 960
          },
          {
            "timestamp": "2026-06-28 21:56:15,418",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "6X\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "6X\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "18806"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\x5f84\\x3002\\x53d7\\x652f\\x6301\\x7684\\x8def\\x5f84\\x540d\\x79f0\\x4e3a\\x5171\\x4eab\\x3001\\x7f13\\x5b58\\x548c\\x5b89\\x88c5\\x3002</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><code>--path cache=&lt;path&gt;</code></td>\r\n                    <td>\\x4f7f\\x7528\\x6307\\x5b9a\\x7684\\x4f4d\\x7f6e\\x4e0b\\x8f7d\\x5b89\\x88c5\\x6587\\x4ef6\\x3002\\x53ea\\x80fd\\x5728"
              },
              {
                "name": "Length",
                "value": "3776"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-06-28 21:56:15,433",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x93X\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 976
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x93X\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x93X\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "22675"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-06-28 21:56:15,449",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe2\\\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 991
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe2\\\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe2\\\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "23778"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-06-28 21:56:15,465",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-06-28 21:56:15,480",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-06-28 21:56:15,480",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-06-28 21:56:15,480",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb1b\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1005
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb1b\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb1b\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "15307"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "Buffer",
                "value": "owane dla innych polece\\x144, je\\x15bli okre\\x15blono <code>--installPath</code>.\r\n                    </td>\r\n                </tr>\r\n                <tr>\r\n                    <td><code>--channelUri &lt;uri&gt;</code></td>\r\n                    <td>Identyfikator URI "
              },
              {
                "name": "Length",
                "value": "9958"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-06-28 21:56:15,496",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "Tc\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1022
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "Tc\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "Tc\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-06-28 21:56:15,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "25428"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-06-28 21:56:15,527",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd8f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1037
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd8f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd8f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "26328"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-06-28 21:56:15,543",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-06-28 21:56:15,558",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-06-28 21:56:15,558",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-06-28 21:56:15,558",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-06-28 21:56:15,558",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-06-28 21:56:15,558",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-06-28 21:56:15,558",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xbc|\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1051
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xbc|\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xbc|\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "Buffer",
                "value": "\\xfeff<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n    <style>\r\n        body {\r\n            padding-right: 0px;\r\n            padding-left: 0px;\r\n            font-size: 12pt;\r\n            background:"
              },
              {
                "name": "Length",
                "value": "3822"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "Buffer",
                "value": "             <td><code>\\x443\\x434\\x430\\x43b\\x438\\x442\\x44c</code></td>\r\n                    <td>\r\n                        \\x423\\x434\\x430\\x43b\\x44f\\x435\\x442 \\x443\\x441\\x442\\x430\\x43d\\x43e\\x432\\x43b\\x435\\x43d\\x43d\\x44b\\x439 \\x43f\\x440\\x43e\\x434\\x443\\x43a\\x442.\r\n                    </td>\r\n                </tr>\r\n            </tbody>\r\n        </table>\r\n      "
              },
              {
                "name": "Length",
                "value": "28110"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x98\\xac\\xa1\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-06-28 21:56:15,574",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-06-28 21:56:15,590",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1060
          },
          {
            "timestamp": "2026-06-28 21:56:15,590",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-06-28 21:56:15,590",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-06-28 21:56:15,590",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-06-28 21:56:15,590",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-06-28 21:56:15,590",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "xU\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1067
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "xU\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "xU\\x06\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xeb\\x8f\\xe7\\xac\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02\\x01\\x0b\\x010\\x00\\x00t\\x03\\x00\\x00\\xb6\\x02\\x00\\x00\\x00\\x00\\x00\\x9e\\x92\\x03\\x00\\x00 \\x00\\x00\\x00\\xa0\\x03\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x06\\x00\\x00\\x02\\x00\\x00\\x89\\xdb\\x06\\x00\\x02\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "37426"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "4948",
            "caller": "0x00c9c92d",
            "parentcaller": "0x00cb41b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\n\\x07ov\\x01\\x00\n-\\xd8\\xde\n\\x07,\\x06\\x07oG\\x00\\x00\n\\xdc\\x0e\\x079\\x15\\x03\\x00\\x00\\x06\\x16\\x0e\\x07o+\\x02\\x00\no,\\x02\\x00\n\\x06\\x17\\x0e\\x07o-\\x02\\x00\no,\\x02\\x00\n\\x06\\x19\\x0e\\x07o.\\x02\\x00\no,\\x02\\x00\n\\x06\\x1a\\x0e\\x07o/\\x02\\x00\no,\\x02\\x00\n\\x06\\x1b\\x0e\\x07o0\\x02\\x00\no,\\x02\\x00\n\\x06\\x1c\\x0e\\x07o1\\x02\\x00\no,\\x02\\x00\n\\x06\\x1d\\x0e\\x07o2\\x02\\x00\no,\\x02\\x00\n\\x06\\x1e\\x0e\\x07o3\\x02\\x00\no,\\x02\\x00\n\\x06\\x1f\t\\x0e\\x07o4\\x02\\x00\no,\\x02\\x00\n\\x02{\\xe0\\x01\\x00\\x04%-\\x03&+\\x0frKN\\x00p(\\x02\\x00\\x00+oR\\x00\\x00\n\\x02{\\xe0\\x01\\x00\\x04%-\\x03&+\\x1br\\x93N\\x00p\\x06\\x16o5\\x02\\x00\n(Z\\x00\\x00\n(\\x02\\x00\\x00+oR\\x00\\x00\n\\x02{\\xe0\\x01\\x00\\x04%-\\x03&+\\x1br\\xb1N\\x00p\\x06\\x17o5\\x02\\x00\n(Z\\x00\\x00\n(\\x02\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "<IsCachedInstaller>k__BackingField\\x00<UseLatestInstaller>k__BackingField\\x00<OriginalWorkingDir>k__BackingField\\x00<CurrentWorkingDir>k__BackingField\\x00<StopIfFounds>k__BackingField\\x00<Entries>k__BackingField\\x00<EnvironmentVariables>k__BackingField\\x00<CommandLineArgs>k__B"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "\tMicrosoft\\x00\\x00\\x0c\\x01\\x00\\x07Release\\x00\\x003\\x01\\x00.\\xa9 Microsoft Corporation. All rights reserved.\\x00\\x00\\x1c\\x01\\x00\\x17Visual Studio Installer\\x00\\x00\\x12\\x01\\x00\rVisual Studio\\x00\\x00\n\\x01\\x00\\x05en-US\\x00\\x00a\\x01\\x00\\Microsoft.VisualStudio.Setup.Bootstrapper.Bootstrapper+<DownloadClientExperimentsAsync>d__25\\x00\\x00:\\x01\\x00\\x15Microsoft.Performa"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "\\x0c\\xf3\\xa5\\xe6\\x04Y\\xb8Y\\xcbTP\\x19\\xebQq\\xc0n\\xb4\\x9e\\x00\\xa0g\\x00\\x80\\x1eWt\\x13\\x1c\\xf8/?\\xfe\\x85+\\x869\\x9d\\xfe@\\xaf\\xf6\\xae\\x9f|n\\x996\\xa7\\xae1\\xc2)c\\xf1\\xcb\\x98\\x8d\\xf1\\xb2V\\xcc\\xb5y\\x9e\\x9eq\\xcf\\x8e\r\\xf2 \\xff\\xcc\\x06\\xf8\\x113\\x08\\x7f?\\x96\\x98}\\x9a/d&0kUN\\xc3%\\x12\\xd8e\\x06\\x9b\\xa7\\x06\\xdfe\\x85\\xb6H\\x1f\\xa5\\xb9Mu\\xb1\\xc8J\\x9f\\xa9\\xaf\\x10\ny\\xd0\\x8e\\xbe\\x8c\\xcbq\\x01\\x00o\\xec\\xf1\\xc9\\xcf\\xa1\\xa1V\\x0b\\xa9\\x96\\x97\\xde\\x0c^{\\xdf\\x81\\xcb\\xbe\\x0f\\x81\\xa3\\x0e]Z\\xc1\\xf1i\\xdaE\\xfd\\xaa\\xd3\\xc8ga\\xd2\\xec\\x15\\x9f\\xf2\\x16\\xca\\xe2\\x05\\x18\\xd5\\xfen^\rW\\x06\\xa4\\xb3\\x1ax\\x87\\x8b\\x08\\xd6\\xb7 g\\xe5\\xb7\\x07&\\x93\\xc9~\\x9c\\x12\\xe1\\xb7P:\\xcb{\\xd6\\xfa;\\xfe\\xd0\\xb8\\x8e\\x8f\\xdb\\x08\\xbf\\xcby\\x8d\\xcc|\\xd6\\x80%\\xcb\n\\xf9\\x14'e\\xe4q\\xc0d\\xc1GE(\ro\\xc0\\x19\\xabzZShpn\\x91\\xcb+\\xbd"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb8\\xcd%\\x9f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa7Pp \\xabQq\\xcf\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xdf\\xa7Pp \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xba\\xcd$\\xef\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xbd\\xd0"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-06-28 21:56:15,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "Buffer",
                "value": "\\xa0\\xff\\xd3r\\x9d\\xff\\xcan\\x96\\xff\\xbc\\xa1R\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xcb\\xd9[\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xcb\\xda[\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xb9\\xcd$\\xff\\xc8\\xacb\\xff\\x8fC^\\xff\\x8fC^\\xff\\x8eC^\\xff\\x8dB\\\\xff\\x8bA[\\xff\\x88@Y\\xff\\x98Ie\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xaaRr\\xff\\xa9Rr\\xff\\xa8Qp\\xff\\xa6Po\\xff\\xa1Nl\\xff\\x9dLi\\xff\\x98If\\xff\\xbed\\x89\\xcf\\xdav\\xa3\\xfe\\xd9v\\xa2\\xff\\xd8u\\xa1\\xff\\xd5s\\x9e\\xff\\xcdo\\x99\\xff\\xbf\\x89o\\xff\\xb9\\xcd"
              },
              {
                "name": "Length",
                "value": "49990"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-06-28 21:56:15,621",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xd2b\\xcf\\x8f\\x10\\xdc\\x01\\x00\\xd2b\\xcf\\x8f\\x10\\xdc\\x01\\x00\\xd2b\\xcf\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-06-28 21:56:15,621",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-06-28 21:56:15,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1089
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00ca7d88",
            "parentcaller": "0x00cb3b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04edf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "xO\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1097
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "xO\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "xO\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00y\\xc0\\xfe\\xd3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x010\\x00\\x00\\x1c\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xda;\\x00\\x00\\x00 \\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x02\\x00\\x00\\x88a\\x00\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "15546"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "Buffer",
                "value": "\"\\xc1\\xbc\\xdcz6\\xebV^\r\\xf5\\xf9\\xf6\\xc0\\xe86\\xb06\\xbcE\\xf3h\\x0f\\xadx#JE\\x8f/\\xe5\\xabSl\\x06\\x8fU\\xe0fA\\x8aL\\xd7\\xed\\x98\\xd6\t\\x18\\x1d\\xd4P\\x81\\j_\\xa48\\xa4\\x1e44\\xe5\\x83\\xa4\\x01\\xa9\\x1dX4\\xf6ld\\x9aQ\\x92FU\\x8b^\\xa4\\x8aOL\\x0b5\\x81\\xdf\\xefR\\x88\\x1cv\"\\xf9\\xd6\\x8e\\xec\\x86\\xe1\\xc8\\x94\\x1e\\x90IH\\x90\\xdb\\x85\\xd8\\x85\\x16\\xdb@!\\x02\\x03\\x01\\x00\\x01\\xa3\\x82\\x01I0\\x82\\x01E0\\x1d\\x06\\x03U\\x1d\\x0e\\x04\\x16\\x04\\x14\\xbd\\xce\\xc6s\\xcf\\x9e\\xd0\\x95>g\\xae\\xdf\\xe8\\x8a\\xd2\\xef\\xd4\\xe4;\\xb60\\x1f\\x06\\x03U\\x1d#\\x04\\x180\\x16\\x80\\x14\\x9f\\xa7\\x15]\\x00^b]\\x83\\xf4\\xe5\\xd2e\\xa7\\x1bS5\\x19\\xe9r0_\\x06\\x03U\\x1d\\x1f\\x04X0V0T\\xa0R\\xa0P\\x86Nhttp://www.microsoft.com/pkiops/crl/Microsoft%"
              },
              {
                "name": "Length",
                "value": "4798"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xda\\x8ak\\x8c\\x10\\xdc\\x01\\x00\\xda\\x8ak\\x8c\\x10\\xdc\\x01\\x00\\xda\\x8ak\\x8c\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-06-28 21:56:15,730",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xd7\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1112
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xd7\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xd7\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-06-28 21:56:15,746",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x01\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00HN\\xb4\\xa0\\x0c/\\xda\\xf3\\x0c/\\xda\\xf3\\x0c/\\xda\\xf3\\xe8_\\xd9\\xf2\\x06/\\xda\\xf3\\xe8_\\xdf\\xf2\\x84/\\xda\\xf3^G\\xde\\xf2\\x02/\\xda\\xf3^G\\xd9\\xf2\\x1e/\\xda\\xf3\\xe8_\\xde\\xf2\\x1a/\\xda\\xf3\\xe8_\\xdb\\xf2\t/\\xda\\xf3^G\\xdf\\xf2'/\\xda\\xf3\\x0c/\\xdb\\xf3d/\\xda\\xf3\\xa2F\\xdf\\xf2\\x08/\\xda\\xf3\\xa2F\\xda\\xf2\r/\\xda\\xf3\\xa2F%\\xf3\r/\\xda\\xf3\\x0c/M\\xf3\r/\\xda\\xf3\\xa2F\\xd8\\xf2\r/\\xda\\xf3Rich\\x0c/\\xda\\xf3"
              },
              {
                "name": "Length",
                "value": "60738"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xf2\\xf2\\x0fX\\xfef\\x0fY\\xc4f\\x0f(\\xe0f\\x0fX\\xc6\\x81\\xe1\\xff\\x0f\\x00\\x00\\x83\\xe9\\x01\\x81\\xf9\\xfd\\x07\\x00\\x00\\x0f\\x87\\xbe\\x00\\x00\\x00\\x81\\xe9\\xfe\\x03\\x00\\x00\\x03\\xca\\xf2\\x0f*\\xf1f\\x0f\\x14\\xf6\\xc1\\xe1\n\\x03\\xc1\\xb9\\x10\\x00\\x00\\x00\\xba\\x00\\x00\\x00\\x00\\x83\\xf8\\x00\\x0fD\\xd1f\\x0f(\r\\xb0t\\x01\\x10f\\x0f(\\xd8f\\x0f(\\x15\\xc0t\\x01\\x10f\\x0fY\\xc8f\\x0fY\\xdbf\\x0fX\\xcaf\\x0f(\\x15\\xd0t\\x01\\x10\\xf2\\x0fY\\xdbf\\x0f(-0t\\x01\\x10f\\x0fY\\xf5f\\x0f(\\xaa@t\\x01\\x10f\\x0fT\\xe5f\\x0fX\\xfef\\x0fX\\xfcf\\x0fY\\xc8\\xf2\\x0fY\\xd8f\\x0fX\\xcaf\\x0f(\\x15\\xe0t\\x01\\x10f\\x0fY\\xd0f\\x0f(\\xf7f\\x0f\\x15\\xf6f\\x0fY\\xcb\\x83\\xec\\x10f\\x0f(\\xc1f\\x0fX\\xcaf\\x0f\\x15\\xc0\\xf2\\x0fX\\xc1\\xf2\\x0fX\\xc6\\xf2\\x0fX\\xc7f\\x0f\\x13D$\\x04\\xddD$\\x04\\x83\\xc4\\x10\\xc3f\\x0f\\x12D$\\x04f\\x0f(\rpt\\x01\\x10\\xf2\\x0f\\xc2\\xc8\\x00f\\x0f\\xc5\\xc1\\x00\\x83\\xf8\\x00w"
              },
              {
                "name": "Length",
                "value": "59974"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x005r\\x01\\x8c\\x10\\xdc\\x01\\x005r\\x01\\x8c\\x10\\xdc\\x01\\x005r\\x01\\x8c\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "5088",
            "caller": "0x00c8a997",
            "parentcaller": "0x00c8a80b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ee2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-06-28 21:56:15,761",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x05\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1129
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x05\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x05\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xf7\\xcf\\x93\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\xd2\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xf0\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\x99\\x1d\\x01\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "5562"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x1a\\x15\\x00p*\\x00\\x1b0\\x03\\x00c\\x00\\x00\\x00\\x11\\x00\\x00\\x11(\\xc9\\x00\\x00\n\\x14\\xfe\\x06\\x04\\x00\\x00\\x06s\\xca\\x00\\x00\no\\xcb\\x00\\x00\ns\\xcc\\x00\\x00\n\n\\xdeCu9\\x00\\x00\\x01%-\\x04&\\x16+\r\\x0b\\x07o\\xcd\\x00\\x00\n\\x1c\\xfe\\x01\\x16\\xfe\\x03\\xfe\\x11&\\x07\\x80\\x06\\x00\\x00\\x04\\x14\n\\xde\\x1d\\x0cr\\x88\\x15\\x00p\\x08o\\xb2\\x00\\x00\nr\\xb8\\x15\\x00p(<\\x00\\x00\n\\x08s\\xce\\x00\\x00\nz\\x06*\\x00\\x01\\x1c\\x00\\x00\\x01\\x00\\x00\\x00\\x1e9\\x00\\x0b\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1eD\\x00\\x1d\\x1b\\x00\\x00\\x01\\x1e\\x02(\\x1f\\x00\\x00\n*\\x130\\x03\\x00!\\x00\\x00\\x00\\x12\\x00\\x00\\x11r\\x1a\\x16\\x00p\\x02{ \\x00\\x00\\x04(k\\x00\\x00\n\\x16\\xfe\\x01\n\\x12\\x00(\\xcf\\x00\\x00\n(<\\x00\\x00\n*\\x1e\\x02(\\x1f\\x00\\x00\n*Zr\\x9a\\x16\\x00p\\x02{!\\x00\\x00\\x04r\\xd0\\x07\\x00p(\\xb9\\x00\\x00\n*\\x1e\\x02(\\x1f\\x00\\x00\n*nr\\xea\\x16\\x00p\\x02{\"\\x00\\x00\\x04o\\xd0\\x00\\x00\n\\x8c"
              },
              {
                "name": "Length",
                "value": "61430"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xceB\\xc4^\\xb8\\xda\\x01\\x00\\xceB\\xc4^\\xb8\\xda\\x01\\x00\\xceB\\xc4^\\xb8\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-06-28 21:56:15,777",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-06-28 21:56:15,793",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-06-28 21:56:15,793",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-06-28 21:56:15,793",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-06-28 21:56:15,793",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-06-28 21:56:15,793",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-06-28 21:56:15,793",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\t\\x19\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1144
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\t\\x19\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\t\\x19\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\x84\\xeb\\x8f\\xf8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\xd4\\x18\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\xf2\\xee\\x18\\x00\\x00 \\x00\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x19\\x00\\x00\\x02\\x00\\x00\\xa7\\xd9\\x19\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4106"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x06\\xa2(o\\x00\\x00\\x06t-\\x00\\x00\\x01*\\x00\\x130\\x01\\x00G\\x00\\x00\\x00\\x00\\x00\\x00\\x00r\\xe9\\x01\\x00p\\x806\\x00\\x00\\x04r\\xf3\\x01\\x00p\\x807\\x00\\x00\\x04r\\xff\\x01\\x00p\\x808\\x00\\x00\\x04r\t\\x02\\x00p\\x809\\x00\\x00\\x04r\\x1d\\x02\\x00p\\x80:\\x00\\x00\\x04r/\\x02\\x00p\\x80;\\x00\\x00\\x04rC\\x02\\x00p\\x80<\\x00\\x00\\x04*\n\\x17*\n\\x17*\\x1e\\x02(\\xd1\\x00\\x00\n*\\x00\\x00\\x00\\x130\\x04\\x00M\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04-\\x11\\xd0A\\x00\\x00\\x1b(\\xcf\\x00\\x00\n(\\xa3\\x05\\x00\\x06+\t\\x04uA\\x00\\x00\\x1b\\x14\\xfe\\x03-\\x1frK\\x02\\x00p(\\xb0\\x00\\x00\n\\xd0A\\x00\\x00\\x1b(\\xcf\\x00\\x00\n(\\xdc\\x05\\x00\\x06s9\\x01\\x00\\x06z\\x02\\x03\\x04\\xa5A\\x00\\x00\\x1b\\x05o\\xd2\\x00\\x00\n*\\x00\\x00\\x00\\x130\\x06\\x00W\\x00\\x00\\x00\\x10\\x00\\x00\\x11\\x05\\x14\\xfe\\x01\n\\x06-'\\x05uA\\x00\\x00\\x1b-\\x1fr\\xce\\x02\\x00p(\\xb0\\x00\\x00\n\\xd0A\\x00\\x00\\x1b(\\xcf\\x00\\x00\n(\\xdc"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "T3\\x0b\\x02\\x05(\\x94\\x04\\x00\\x06,\\x02\\x17*\\x03(\\xdb\\x05\\x00\\x06-\\x19\\x0f\\x00\\xfe\\x16k\\x00\\x00\\x02o\\xb1\\x00\\x00\n\\x03\\x04\\x05(\\x9e\\x04\\x00\\x06,\\x02\\x17*\\x05\\xfe\\x15\"\\x00\\x00\\x01\\x16*\\x00\\x00\\x130\\x05\\x00\\xdf\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02o\\xa6\\x00\\x00\n\\x16>\\xca\\x00\\x00\\x00\\x02\\x16o\\xa7\\x00\\x00\n\\x1f/3H\\x02o\\xa6\\x00\\x00\n\\x1f\t?\\x9d\\x00\\x00\\x00\\x02r\\xee.\\x00p\\x1ao%\\x01\\x00\n9\\x8c\\x00\\x00\\x00\\x02r\\xfc.\\x00p\\x1ao\\xf0\\x00\\x00\n,~\\x02o\\x1d\\x01\\x00\n\\x16\\x02o\\xa6\\x00\\x00\ns\\xd6\\x05\\x00\\x06\\x05(\\x9d\\x04\\x00\\x06,d\\x17*\\x02o\\xa6\\x00\\x00\n\\x1f\\x132X\\x02o\\xa6\\x00\\x00\n\\x1f(0N\\x02\\x16o\\xa7\\x00\\x00\n(\\x8c\\x01\\x00\n,@\\x02\\x1f\no\\xa7\\x00\\x00\n\\x1fT34\\x02r\\x02/\\x00p(\\xb0\\x00\\x00\n \\x80\\x00\\x00\\x00\\x05(\\x9a\\x02\\x00\n,\\x1c\\x02o\\x1d\\x01\\x00\n\\x16\\x02o\\xa6\\x00\\x00\ns\\xd6\\x05\\x00\\x06\\x05(\\x94"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x06+\\x06\\x03o\\xc3\\x03\\x00\\x06\\x03o\\xa1\\x03\\x00\\x06\\x040\\xf1*\\x00\\x00\\x130\t\\x00i\\x00\\x00\\x00y\\x00\\x00\\x11\\x04oF\\x07\\x00\\x06-\\x02\\x17*\\x04oF\\x07\\x00\\x06\\x05o7\\x05\\x00\n\n\\x02{\\xae\\x02\\x00\\x04,H\\x02{\\xae\\x02\\x00\\x04o\\x82\\x06\\x00\\x06\\x1a2:\\x02{\\xae\\x02\\x00\\x04\\x1a\\x14\\x03o\\xa4\\x03\\x00\\x06r\\xe7\\x86\\x00p(\\xb0\\x00\\x00\n\\x04o\\x1a\\x07\\x00\\x06\\x04o\\x1c\\x07\\x00\\x06\\x06\\x8c|\\x01\\x00\\x01(\\xde\\x05\\x00\\x06(\\xb2\\x00\\x00\\x06\\x14o\\x83\\x06\\x00\\x06\\x06*\\x00\\x00\\x00\\x130\t\\x00i\\x00\\x00\\x00y\\x00\\x00\\x11\\x04oJ\\x07\\x00\\x06-\\x02\\x17*\\x04oJ\\x07\\x00\\x06\\x05o7\\x05\\x00\n\n\\x02{\\xae\\x02\\x00\\x04,H\\x02{\\xae\\x02\\x00\\x04o\\x82\\x06\\x00\\x06\\x1a2:\\x02{\\xae\\x02\\x00\\x04\\x1a\\x14\\x03o\\xa4\\x03\\x00\\x06rS\\x87\\x00p(\\xb0\\x00\\x00\n\\x04o\\x1a\\x07\\x00\\x06\\x04o\\x1c\\x07\\x00\\x06\\x06\\x8c|\\x01\\x00\\x01(\\xde\\x05\\x00\\x06(\\xb2\\x00\\x00\\x06\\x14o\\x83\\x06\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\n}\\xee\\x03\\x00\\x04\\x02{\\xec\\x03\\x00\\x04o\\xc6\\x06\\x00\no\\xc8\\x06\\x00\n\n+\\x1d\\x06o:\\x00\\x00\nt\\xdf\\x00\\x00\\x01\\x0b\\x02{\\xee\\x03\\x00\\x04\\x07(\\xab\\x0c\\x00\\x06o\\xc5\\x06\\x00\n\\x06o7\\x00\\x00\n-\\xdb\\xde\\x11\\x06u6\\x00\\x00\\x01\\x0c\\x08,\\x06\\x08o\\x19\\x00\\x00\n\\xdc\\x02{\\xee\\x03\\x00\\x04*\\x00\\x00\\x01\\x10\\x00\\x00\\x02\\x00I\\x00)r\\x00\\x11\\x00\\x00\\x00\\x00\\x130\\x02\\x000\\x00\\x00\\x00e\\x02\\x00\\x11\\x02{\\xec\\x03\\x00\\x04u\\xdb\\x00\\x00\\x01\n\\x06,\\x07\\x06o\\xc9\\x06\\x00\n*\\x02{\\xec\\x03\\x00\\x04o\\xc6\\x06\\x00\n%-\\x03&\\x16*o\\xc7\\x06\\x00\n\\x16\\xfe\\x02*\\x130\\x01\\x00/\\x00\\x00\\x00f\\x02\\x00\\x11\\x02{\\xec\\x03\\x00\\x04u\\xdf\\x00\\x00\\x01\\x0b\\x07-\r\\x02{\\xec\\x03\\x00\\x04o\\xca\\x06\\x00\n+\\x06\\x07o\\xcb\\x06\\x00\n\n\\x06-\\x02\\x14*\\x06(\\xab\\x0c\\x00\\x06*2\\x02{\\xec\\x03\\x00\\x04o\\xcc\\x06\\x00\n*6\\x02{\\xec\\x03\\x00\\x04\\x03o\\xcd\\x06\\x00\n*\\x00\\x00\\x130"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "k\\x01p(\\xe3\\x06\\x00\not\t\\x00\n\\x0c\\x089\\x9d\\x00\\x00\\x00\\x08o\\xf9\\x06\\x00\n\\x17\\x8dq\\x01\\x00\\x01%\\x16\\x1f:\\x9d\\x18o\\x12\\x08\\x00\n\r\t\\x8ei\\x182\\x7f\\x02{#\\x08\\x00\\x04\t\\x17\\x9aou\t\\x00\n,o\\x07~3\n\\x00\\x04r\\xf3k\\x01p(q\t\\x00\nor\t\\x00\n(\\x82\\x01\\x00+\\x13\\x04\\x11\\x04,O\\x11\\x04~3\n\\x00\\x04r\\x17l\\x01p(q\t\\x00\nor\t\\x00\n(\\x82\\x01\\x00+\\x13\\x05\\x11\\x05,.\\x11\\x05o\\x02\\x07\\x00\n\\x17(\\xdb\\x07\\x00\n,\\x1f\\x02{#\\x08\\x00\\x04\t\\x17\\x9aow\t\\x00\n\\x11\\x05o\\x02\\x07\\x00\ns9\\x06\\x00\no\\xaa\\x1f\\x00\\x06\\x06o7\\x00\\x00\n::\\xff\\xff\\xff\\xde\n\\x06,\\x06\\x06o\\x19\\x00\\x00\n\\xdc*\\x00\\x01\\x10\\x00\\x00\\x02\\x00/\\x00\\xcd\\xfc\\x00\n\\x00\\x00\\x00\\x00\\x130\\x04\\x00~\\x00\\x00\\x00$\\x03\\x00\\x11\\x02oy\t\\x00\n%-\\x04&\\x14+\\x18(\\x83\\x01\\x00+%-\\x04&\\x14+\\x0c\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-06-28 21:56:15,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x06\\x03}\\xc2\\x16\\x00\\x04s\\\\x0b\\x00\n\\x0b\\x07s_\\x07\\x00\n\\x0c\\x08\\x19o6\\x07\\x00\n\\x02\\x06\\xfe\\x06\\x89!\\x00\\x06s\\xb6\\x07\\x00\n(\\xcb\\x16\\x00\\x06\\x08\\x06{\\xc2\\x16\\x00\\x04o]\\x0b\\x00\no6\\x07\\x00\n\\x06{\\xc2\\x16\\x00\\x04o^\\x0b\\x00\n\\x13\\x04+\\x7f\\x11\\x04o_\\x0b\\x00\n\\x13\\x05\\x12\\x05(`\\x0b\\x00\n\\x13\\x06\\x08r\\x84\\xea\\x01p\\x1d\\x8d\\x1b\\x00\\x00\\x01%\\x16\\x11\\x06o[\\x19\\x00\\x06\\xa2%\\x17r\\xb0\\xea\\x01p\\xa2%\\x18\\x11\\x06o\\\\x19\\x00\\x06\\xa2%\\x19r\\xb0\\xea\\x01p\\xa2%\\x1a\\x11\\x06o]\\x19\\x00\\x06\\xa2%\\x1br\\xb0\\xea\\x01p\\xa2%\\x1c\\x11\\x06o`\\x19\\x00\\x06\\x8cr\\x01\\x00\\x01\\xa2(\\xa0\n\\x00\noa\\x0b\\x00\n\\x08\\x12\\x05(b\\x0b\\x00\noT\\x19\\x00\\x06oa\\x0b\\x00\n\\x11\\x04o7\\x00\\x00\n:u\\xff\\xff\\xff\\xde\\x0c\\x11\\x04,\\x07\\x11\\x04o\\x19\\x00\\x00\n\\xdc\\x07oc\\x0b\\x00\ni\r\\x07\\x16jod\\x0b\\x00\n\\x07sE\\x07\\x00\n\toX\\x07"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 1162
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "{\\xfd\\x0e\\x00\\x04Y\\x0b\\x079\\xab\\x00\\x00\\x00\\x02{\\xfc\\x0e\\x00\\x04\\x8ei\\x07/\\x13\\x02\\x02{\\xfe\\x0e\\x00\\x04\\x07\\x16o\\xd8\\x02\\x00\\x06}\\xfc\\x0e\\x00\\x04\\x02{\\xff\\x0e\\x00\\x04\\x02{\\xfd\\x0e\\x00\\x04\\x02{\\xfc\\x0e\\x00\\x04\\x16\\x07o\\xa4\\x02\\x00\n\\x02{\\x00\\x0f\\x00\\x04\\x02{\\xfc\\x0e\\x00\\x04\\x16\\x07\\x02{\\x01\\x0f\\x00\\x04($\\x04\\x00\\x06\\x16o\\xe5\\x0b\\x00\n\r\\x12\\x03(\\xe6\\x0b\\x00\n\\x0c\\x12\\x02(\\xe7\\x0b\\x00\n-<\\x02\\x1a%\n}\\xfa\\x0e\\x00\\x04\\x02\\x08}\\x06\\x0f\\x00\\x04\\x02|\\xfb\\x0e\\x00\\x04\\x12\\x02\\x02(\\xa7\\x02\\x00+\\xde_\\x02{\\x06\\x0f\\x00\\x04\\x0c\\x02|\\x06\\x0f\\x00\\x04\\xfe\\x15L\\x00\\x00\\x01\\x02\\x15%\n}\\xfa\\x0e\\x00\\x04\\x12\\x02(\\xe8\\x0b\\x00\n\\xde \\x13\\x07\\x02\\x1f\\xfe}\\xfa\\x0e\\x00\\x04\\x02\\x14}\\x05\\x0f\\x00\\x04\\x02|\\xfb\\x0e\\x00\\x04\\x11\\x07(\\xe1\\x0b\\x00\n\\xde\\x1a\\x02\\x1f\\xfe}\\xfa\\x0e\\x00\\x04\\x02\\x14}\\x05\\x0f\\x00\\x04\\x02|\\xfb\\x0e\\x00\\x04(\\xe2\\x0b\\x00\n*\\x00A\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "C\\x12\\x00\\x06z\\x07\\x02{8\\x14\\x00\\x04\\x02{6\\x14\\x00\\x04\\x02{9\\x14\\x00\\x04({\\x16\\x00\\x06\\x16o\\x03\\x0e\\x00\n\\x13\n\\x12\n(\\x04\\x0e\\x00\n\\x13\t\\x12\t(\\x05\\x0e\\x00\n->\\x02\\x16%\n}4\\x14\\x00\\x04\\x02\\x11\t}:\\x14\\x00\\x04\\x02|5\\x14\\x00\\x04\\x12\t\\x02((\\x03\\x00+\\xdeT\\x02{:\\x14\\x00\\x04\\x13\t\\x02|:\\x14\\x00\\x04\\xfe\\x15\\x8d\\x03\\x00\\x1b\\x02\\x15%\n}4\\x14\\x00\\x04\\x12\t(\\x06\\x0e\\x00\n\\x0c\\xde\\x19\\x13\\x0b\\x02\\x1f\\xfe}4\\x14\\x00\\x04\\x02|5\\x14\\x00\\x04\\x11\\x0b(\\x07\\x0e\\x00\n\\xde\\x14\\x02\\x1f\\xfe}4\\x14\\x00\\x04\\x02|5\\x14\\x00\\x04\\x08(\\x08\\x0e\\x00\n*\\x00A\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00?\\x01\\x00\\x00M\\x01\\x00\\x00\\x19\\x00\\x00\\x00/\\x00\\x00\\x016\\x02|5\\x14\\x00\\x04\\x03(\t\\x0e\\x00\n*.sU \\x00\\x06\\x80;\\x14\\x00\\x04*\\x1e\\x02(\\xd1\\x00\\x00\n*\\x1a(\\x80\\x16\\x00\\x06*\\x1a(\\x80\\x16\\x00\\x06*.sY \\x00\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x06\\x00\\xb4\\xfa\\x01\\x00\\xd3\\xd2\\x01\\x00*\\x00\\xa7\\xb3\\x02\\x00D{\\x02\\x00*\\x00\\xbb\\xd4\\x01\\x00D{\\x02\\x00*\\x00\\x91\\xa2\\x02\\x00D{\\x02\\x00*\\x003\\xc5\\x01\\x00D{\\x02\\x00*\\x002q\\x02\\x00D{\\x02\\x00*\\x00wp\\x02\\x00D{\\x02\\x00*\\x00\\xbb\\xca\\x01\\x00D{\\x02\\x006\\x00\\xcd4\\x02\\x00\\x12W\\x02\\x006\\x00\\x0b=\\x00\\x00\\x12W\\x02\\x006\\x00\\x00;\\x00\\x00\\x12W\\x02\\x00\\x12\\x00\n\\xfb\\x01\\x00\\x9f\\xc9\\x01\\x00\\x16\\x00\\x00\\x1a\\x01\\x00\\xe5\\x0c\\x02\\x00\\x06\\x00\\xc0\\xbe\\x01\\x00\\x81[\\x02\\x00\\x12\\x00#7\\x02\\x00\\x9f\\xc9\\x01\\x00\\x12\\x00\\xd8\\x14\\x02\\x00\\x9f\\xc9\\x01\\x00&\\x00\\xfd\\xc3\\x02\\x00`\\x0b\\x02\\x00\\x06\\x00u\\x84\\x01\\x00QW\\x02\\x00\\x06\\x00\\xbc\\xfc\\x01\\x00\\xd3\\xd2\\x01\\x00\\x06\\x00\\x1c\\xcd\\x01\\x00n\\x83\\x00\\x00\\x06\\x00\\xe2\\x14\\x02\\x00n\\x83\\x00\\x00\\x06\\x00\\xc2\\xd3\\x01\\x00 \\x96\\x01\\x00\\x0e\\x00\\x84\\xac\\x01\\x00QW\\x02\\x00\\x06\\x00z\\x96\\x01\\x00T\\xd9\\x02\\x00\\x06\\x00\\x04\\xf8\\x01\\x00\\xd3\\xd2\\x01\\x00.\\x00\\x91v\\x02\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xac%\\x00\\x00\\x06\\x00\\xe4\\x17\\x01\\x00\\xa7%\\x00\\x00\\x06\\x00\\xf4\\xab\\x00\\x00\\xac%\\x00\\x00\\x06\\x00\\xe4\\x17\\x01\\x00\\xa7%\\x00\\x00\\x06\\x00\\x8eh\\x01\\x00-#\\x00\\x00\\x06\\x00\\xf9\\x06\\x02\\x00\\xac%\\x00\\x00\\x06\\x00\\x80\\x08\\x02\\x00\\xd3%\\x00\\x00\\x06\\x00\\xec\\x04\\x02\\x00\\xe0%\\x00\\x00\\x06\\x00\\xec\\x04\\x02\\x00\\xe0%\\x00\\x00\\x06\\x00\\x80\\x08\\x02\\x00\\xd3%\\x00\\x00\\x06\\x00\\xe5O\\x02\\x00P\\xe2\\x01\\x00\\x06\\x00\\xc0\\xc7\\x01\\x00\\xb6\\xe1\\x01\\x00\\x06\\x00\\xc0\\xc7\\x01\\x00\\xb6\\xe1\\x01\\x006\\x00\\x1cw\\x00\\x00\\xe1\\xec\\x01\\x00\\x16\\x00\\xf9\\x04\\x00\\x00\\xe6\\xec\\x01\\x00\\x16\\x00\\xea\\x05\\x00\\x00\\xf1\\xec\\x01\\x00\\x16\\x00\\x04\\x16\\x00\\x00\\xfc\\xec\\x01\\x00\\x16\\x00*\\x06\\x00\\x00\\x08\\xed\\x01\\x00\\x06\\x00\\x85\\x06\\x02\\x00A\\xe2\\x01\\x00\\x06\\x00{\\x02\\x03\\x00\\xd3%\\x00\\x00\\x06\\x00)_\\x01\\x00-#\\x00\\x00\\x06\\x00e>\\x00\\x00\\x13\\xed\\x01\\x00\\x06\\x00\\xe4\\x17\\x01\\x00I\\x04\\x00\\x00\\x06\\x00\\xd1^\\x01\\x00-#\\x00\\x00\\x06\\x06S\\x89\\x00\\x00\\xdfa\\x00\\x00V\\x80\\xa6\\xce\\x02\\x00\\x18\\xed\\x01\\x00V\\x80"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x02\\x00\\x00\\x00\\x81\\x00\\x19y\\x02\\x00\\x9f\\x04\\x02\\x00X\\x0c\\xf0x\\x02\\x00\\x00\\x00\\x81\\x00z]\\x01\\x00\\x82\\x1d\\x02\\x00Y\\x0c\\xb4y\\x02\\x00\\x00\\x00\\x81\\x00H\\xc9\\x01\\x00\\x8d\\x1d\\x02\\x00\\\\x0c\\xc7y\\x02\\x00\\x00\\x00\\x83\\x18\\xe5M\\x02\\x00\\x8b\\x04\\x02\\x00_\\x0c\\xe1y\\x02\\x00\\x00\\x00\\x86\\x08\\xb5\\xf7\\x01\\x00\\x96\\x1d\\x02\\x00`\\x0c\\xe9y\\x02\\x00\\x00\\x00\\x86\\x08\\xe1\\xad\\x01\\x00\r\\x02\\x00\\x00`\\x0c\\xf6y\\x02\\x00\\x00\\x00\\x86\\x08c-\\x01\\x00\r\\x02\\x00\\x00`\\x0c\\x00\\x00\\x00\\x00\\x03\\x00\\x86\\x18\\xe5M\\x02\\x00\\x8b\n\\x00\\x00`\\x0c\\x00\\x00\\x00\\x00\\x03\\x00\\xc6\\x01\\xf69\\x01\\x00\\x9c\\x1d\\x02\\x00b\\x0c\\x00\\x00\\x00\\x00\\x03\\x00\\xc6\\x01\\xe79\\x01\\x00\\xa4\\x1d\\x02\\x00d\\x0c\\x00\\x00\\x00\\x00\\x03\\x00\\xc6\\x01\\xb49\\x01\\x00u\\x13\\x02\\x00h\\x0c\\x03z\\x02\\x00\\x00\\x00\\x96\\x00\\xa7\\x95\\x02\\x00\\xb2\\x1d\\x02\\x00i\\x0c:z\\x02\\x00\\x00\\x00\\x96\\x00%\\x94\\x01\\x00\\xb2\\x1d\\x02\\x00j\\x0cqz\\x02\\x00\\x00\\x00\\x96\\x00\\xbd\\x99\\x02\\x00\\xb2\\x1d\\x02\\x00k\\x0c\\xa8z\\x02\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x9c\\xe5\\x04\\x00\\x00\\x00\\x81\\x00+\\x9f\\x00\\x00\\x01O\\x00\\x00r\\x1b\\xe8\\xe5\\x04\\x00\\x00\\x00\\x81\\x006\\x9f\\x00\\x00\\x01O\\x00\\x00s\\x1b4\\xe6\\x04\\x00\\x00\\x00\\x81\\x00\\xcb\\x92\\x02\\x00JN\\x02\\x00t\\x1b\\x9c\\xe6\\x04\\x00\\x00\\x00\\xc4\\x00\\x83\\x13\\x02\\x00TN\\x02\\x00t\\x1b\\xd5\\xe6\\x04\\x00\\x00\\x00\\x83\\x08\\xcf\\x91\\x02\\x00\\x1dO\\x02\\x00u\\x1b\\xdd\\xe6\\x04\\x00\\x00\\x00\\x83\\x08\\xf3 \\x02\\x00\\x98M\\x02\\x00u\\x1b\\xea\\xe6\\x04\\x00\\x00\\x00\\x83\\x08\\x95@\\x01\\x00\\xe8N\\x00\\x00u\\x1b\\xf4\\xe6\\x04\\x00\\x00\\x00\\x84\\x18\\xe5M\\x02\\x00#O\\x02\\x00u\\x1bW\\xe7\\x04\\x00\\x00\\x00\\xc4\\x01\\x11e\\x02\\x00;N\\x02\\x00x\\x1b\\x00\\x00\\x00\\x00\\x00\\x00\\xc4\\x05)\\x99\\x00\\x00\\x01O\\x00\\x00y\\x1b\\\\xe7\\x04\\x00\\x00\\x00\\x86\\x00\\xe7\\x9f\\x00\\x00\\x01O\\x00\\x00z\\x1b\\xa8\\xe7\\x04\\x00\\x00\\x00\\x81\\x00S\\xc5\\x01\\x000O\\x02\\x00{\\x1b\\xf9\\xe7\\x04\\x00\\x00\\x00\\x81\\x009\\xc5\\x01\\x00;O\\x02\\x00~\\x1b$\\xe8\\x04\\x00\\x00\\x00\\x91\\x00\\xb3\\xb7\\x02\\x00FO\\x02\\x00\\x81\\x1b\\xcc\\xe8\\x04\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x02\\x00\\x00\\x00\\x02\\x00\\x8dT\\x01\\x00\\x00\\x00\\x03\\x00\\x8eh\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x03\\x03\\x00\\x00\\x00\\x02\\x00\\xdb\\x06\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00\t\\\\x01\\x00\\x00\\x00\\x01\\x00\\x95\\xa8\\x02\\x00\\x00\\x00\\x01\\x00\\x95\\xa8\\x02\\x00\\x00\\x00\\x02\\x00\\x0c\\xdd\\x02\\x00\\x00\\x00\\x01\\x00\\x8eh\\x01\\x00\\x02\\x00\\x02\\x00\\x8e\\xa9\\x01\\x00\\x02\\x00\\x03\\x00B\\xcd\\x00\\x00\\x02\\x00\\x04\\x00\\xc8\\xa9\\x01\\x00\\x02\\x00\\x05\\x00d\\xcd\\x00\\x00\\x02\\x00\\x06\\x00\\xd9E\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\xdd\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\xdd\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\xdd\\x02\\x00\\x00\\x00\\x01\\x00\\x8eh\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00'e\\x01\\x00\\x00\\x00\\x01\\x00\\x0c\\xdd\\x02\\x00\\x00\\x00\\x01\\x00\\x0c\\xdd\\x02\\x00\\x00\\x00\\x01\\x00\\x8eh\\x01\\x00\\x00\\x00\\x01\\x00\\xe4\\x17"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00)\\x03\\x00\\x00\\xcf\\x8f\\x01\\x00d\\x00\\x00\\x00,\\x00\\x00\\x00\\xcf\\x8f\\x01\\x00z\\x01\\x00\\x00|\\x05\\x00\\x00ek\\x02\\x00a\\x1a\\x00\\x00,\\x00\\x00\\x00ek\\x02\\x00\\xdf\\x01\\x00\\x00|\\x05\\x00\\x005\\xcf\\x01\\x00\\xf3\\x15\\x00\\x00,\\x00\\x00\\x005\\xcf\\x01\\x00\\xf3\\x15\\x00\\x00,\\x00\\x00\\x00\\xce\\xcf\\x01\\x00|\\x12\\x00\\x004\\x00\\x00\\x00\\x17\\xb7\\x00\\x00t\\x01\\x00\\x00)\\x03\\x00\\x00m\\x0e\\x02\\x00\\x01\\x00\\x00\\x004\\x00\\x00\\x00m\\x0e\\x02\\x00\\x01\\x00\\x00\\x00A\\x0c\\x00\\x00\\xfe}\\x02\\x00u\\x1a\\x00\\x004\\x00\\x00\\x00\\xfe}\\x02\\x00z\\x01\\x00\\x009\\x03\\x00\\x00\\x84\\xfa\\x02\\x00\\x98\\x1a\\x00\\x00I\\x03\\x00\\x00\\x1f\\xe8\\x02\\x00v\\x00\\x00\\x00I\\x03\\x00\\x00 \\x86\\x01\\x00v\\x00\\x00\\x00\\x84\\x05\\x00\\x00\\xe5M\\x02\\x00|\\x12\\x00\\x004\\x00\\x00\\x00I\\x04\\x02\\x00\\x80\\x01\\x00\\x00\\x8c\\x05\\x00\\x00+\\xca\\x02\\x00U\\x04\\x00\\x004\\x00\\x00\\x00+\\xca\\x02\\x00U\\x04\\x00\\x00)\\x03\\x00\\x00\\x18\\xf1\\x02\\x00`\\x00\\x00\\x004\\x00\\x00\\x00\\x18\\xf1\\x02\\x00`\\x00\\x00\\x00\\x84\\x05"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-06-28 21:56:15,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\xe3`\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\x00a\\x00\\x00;\\x00\\x00\\x00\\x98\\xf9\\x01\\x00\\x03a\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00#a\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00Ca\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00ca\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\x80a\\x00\\x00*\\x00\\x00\\x00y\\xf9\\x01\\x00\\x83a\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\xa3a\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\xc3a\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\xe3a\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\x03b\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00 b\\x00\\x00*\\x00\\x00\\x00y\\xf9\\x01\\x00#b\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00@b\\x00\\x00*\\x00\\x00\\x00y\\xf9\\x01\\x00Cb\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00cb\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\x83b\\x00\\x00\\xa3\\x00\\x00\\x00\\xbb\\xc1\\x00\\x00\\x89b\\x00\\x00s\\x04\\x00\\x00y\\xab\\x02\\x00\\x89b\\x00\\x00k\\x04\\x00\\x00\\x8a\\xa9\\x02\\x00\\xa3b\\x00\\x00\\xa3\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "F\\x01?\\x03H\\x01I\\x03I\\x01T\\x03J\\x01W\\x03L\\x01_\\x03O\\x01b\\x03P\\x01k\\x03S\\x01l\\x03T\\x01p\\x03W\\x01q\\x03\\\\x01u\\x03]\\x01v\\x03_\\x01z\\x03`\\x01~\\x03a\\x01\\x8e\\x03d\\x01\\x90\\x03e\\x01\\x94\\x03f\\x01\\x95\\x03g\\x01\\x98\\x03i\\x01\\x9e\\x03n\\x01\\xae\\x03o\\x01\\xb2\\x03p\\x01\\xb3\\x03r\\x01\\xb9\\x03s\\x01\\xba\\x03t\\x01\\xbb\\x03w\\x01\\xbc\\x03y\\x01\\xbd\\x03{\\x01\\xc0\\x03\\x80\\x01\\xc4\\x03\\x81\\x01\\xc7\\x03\\x82\\x01\\xd0\\x03\\x85\\x01\\xd3\\x03\\x86\\x01\\xd5\\x03\\x87\\x01\\xd6\\x03\\x88\\x01\\xd8\\x03\\x91\\x01\\xdb\\x03\\x92\\x01\\xdc\\x03\\x99\\x01\\xdd\\x03\\x9b\\x01\\xde\\x03\\x9c\\x01\\xdf\\x03\\x9d\\x01\\xe0\\x03\\xa1\\x01\\xe2\\x03\\xa7\\x01\\xe3\\x03\\xa9\\x01\\xe4\\x03\\xab\\x01\\xe5\\x03\\xac\\x01\\xe6\\x03\\xad\\x01\\xe7\\x03\\xaf\\x01\\xed\\x03\\xb0\\x01\\xf1\\x03\\xb1\\x01\\xf6\\x03\\xb3\\x01\\xf7\\x03\\xbb\\x01\\xfb\\x03\\xbc\\x01\\x04\\x04\\xbd\\x01\\x06\\x04\\xc2\\x01\\x08\\x04\\xc3\\x01\\x0c\\x04\\xcb\\x01\r\\x04\\xcc\\x01\\x11\\x04\\xcd\\x01\\x14\\x04\\xd0\\x01\\x15\\x04\\xd2\\x01\\x16\\x04\\xd8\\x01\\x17\\x04\\xd9\\x01\\x1e\\x04"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "gates>b__1\\x00<AddClaims>b__1\\x00<RemoveIdTokens>b__1\\x00<CreateObjectUsingCreatorWithParameters>b__1\\x00<MergeAccounts>b__1\\x00<GetRegionalizedEnvironment>b__1\\x00<ComputeHttpEndpoint>b__1\\x00<SelectPolicy>b__1\\x00<FilterTokensByExpiry>b__1\\x00<AutoCompleteAsync>d__1\\x00<ReadContentFr"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "onResultFromCache\\x00searchInCache\\x00DurationInCache\\x00existingEnvironmentsInCache\\x00OboCacheKeyNotInCache\\x00CleanCache\\x00ITokenCache\\x00get_TokenCache\\x00isApplicationTokenCache\\x00get_AppTokenCache\\x00get_IsAppTokenCache\\x00appTokenCache\\x00get_UserTokenCache\\x00userTokenCache\\x00tokenCache"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "ter\\x00JsonSerializerInternalWriter\\x00XmlWriter\\x00get_CurrentItemWriter\\x00set_CurrentItemWriter\\x00JTokenWriter\\x00BsonWriter\\x00TraceJsonWriter\\x00jsonWriter\\x00_innerWriter\\x00_serializerWriter\\x00JsonTextWriter\\x00_textWriter\\x00BsonBinaryWriter\\x00_writer\\x00homeAccountIdFilter\\x00FieldFilter\\x00Arr"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00h\\x00a\\x00v\\x00e\\x00 \\x00a\\x00 \\x00g\\x00e\\x00t\\x00t\\x00e\\x00r\\x00.\\x00\\x01\\x07S\\x00e\\x00t\\x00\\x00[E\\x00n\\x00u\\x00m\\x00 \\x00n\\x00a\\x00m\\x00e\\x00 \\x00'\\x00{\\x000\\x00}\\x00'\\x00 \\x00a\\x00l\\x00r\\x00e\\x00a\\x00d\\x00y\\x00 \\x00e\\x00x\\x00i\\x00s\\x00t\\x00s\\x00 \\x00o\\x00n\\x00 \\x00e\\x00n\\x00u\\x00m\\x00 \\x00'\\x00{\\x001\\x00}\\x00'\\x00.\\x00\\x01IE\\x00n\\x00u\\x00m\\x00 \\x00t\\x00y\\x00p\\x00e\\x00 \\x00{\\x000\\x00}\\x00 \\x00i\\x00s\\x00 \\x00n\\x00o\\x00t\\x00 \\x00a\\x00 \\x00s\\x00e\\x00t\\x00 \\x00o\\x00f\\x00 \\x00f\\x00l\\x00a\\x00g\\x00s\\x00.\\x00\\x00%U\\x00n\\x00k\\x00n\\x00o\\x00w\\x00n\\x00 \\x00e\\x00n\\x00u\\x00m\\x00 \\x00t\\x00y\\x00p\\x00e\\x00.\\x00\\x00\\x11e\\x00n\\x00u\\x00m\\x00T\\x00y\\x00p"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00r\\x00 \\x00t\\x00h\\x00e\\x00 \\x00W\\x00W\\x00W\\x00-\\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00e\\x00 \\x00o\\x00r\\x00 \\x00t\\x00h\\x00e\\x00 \\x00A\\x00u\\x00t\\x00h\\x00e\\x00n\\x00t\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00-\\x00I\\x00n\\x00f\\x00o\\x00 \\x00c\\x00o\\x00l\\x00l\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00 \\x00a\\x00c\\x00q\\x00u\\x00i\\x00r\\x00e\\x00d\\x00 \\x00f\\x00r\\x00o\\x00m\\x00 \\x00t\\x00h\\x00e\\x00 \\x00p\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00d\\x00 \\x00e\\x00n\\x00d\\x00p\\x00o\\x00i\\x00n\\x00t\\x00.\\x00 \\x00S\\x00e\\x00e\\x00 \\x00i\\x00n\\x00n\\x00e\\x00r\\x00 \\x00e\\x00x\\x00c\\x00e\\x00p\\x00t\\x00i\\x00o\\x00n\\x00 \\x00f\\x00o\\x00r\\x00 \\x00d\\x00e\\x00t\\x00a\\x00i"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00t\\x00e\\x00c\\x00t\\x00e\\x00d\\x00.\\x00 \\x00\\x001F\\x00e\\x00t\\x00c\\x00h\\x00e\\x00d\\x00 \\x00a\\x00n\\x00d\\x00 \\x00p\\x00a\\x00r\\x00s\\x00e\\x00d\\x00 \\x00M\\x00E\\x00X\\x00.\\x00 \\x00\\x00QL\\x00o\\x00g\\x00g\\x00e\\x00d\\x00 \\x00i\\x00n\\x00 \\x00u\\x00s\\x00e\\x00r\\x00 \\x00d\\x00e\\x00t\\x00e\\x00c\\x00t\\x00e\\x00d\\x00 \\x00w\\x00i\\x00t\\x00h\\x00 \\x00u\\x00s\\x00e\\x00r\\x00 \\x00n\\x00a\\x00m\\x00e\\x00 \\x00'\\x00\\x01+U\\x00s\\x00e\\x00r\\x00 \\x00w\\x00i\\x00t\\x00h\\x00 \\x00u\\x00s\\x00e\\x00r\\x00 \\x00n\\x00a\\x00m\\x00e\\x00 \\x00'\\x00\\x01\\x1f'\\x00 \\x00d\\x00e\\x00t\\x00e\\x00c\\x00t\\x00e\\x00d\\x00 \\x00a\\x00s\\x00 \\x00'\\x00\\x01\\x07'\\x00.\\x00 \\x00\\x01%U\\x00s\\x00e\\x00r\\x00 \\x00d\\x00e\\x00t\\x00e\\x00c\\x00t"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x12\\x80\\xcd\\x1d\\x03\\x08\\x07\\x02\\x11\\x80\\x81\\x11\\x80\\x81\r \\x08\\x01\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x11\\x81\\x91\\x0f\\x07\\x03\\x11\\x80\\x81\\x15\\x11y\\x01\\x11\\x80\\x89\\x11\\x80\\x81\t\\x07\\x03\\x11\\x80\\x81\n\\x11\\x80\\x99\\x08 \\x01\\x11\\x80\\x99\\x11\\x80\\x89\\x0b\\x07\\x03\\x11\\x80\\x81\\x11\\x80\\x81\\x11\\x80\\x99\\x03\\x07\\x01\\x0b\\x06\\x00\\x02\\x02\\x0e\\x10\\x0b\\x07\\x00\\x02\n\\x0e\\x12\\x82q\t\\x07\\x01\\x15\\x11y\\x01\\x11\\x80\\x89\\x05\\x07\\x01\\x12\\x91d\t\\x07\\x01\\x15\\x12\\x91h\\x01\\x1e\\x00\\x07\\x15\\x12\\x91h\\x01\\x1e\\x00\\x08\\x06\\x15\\x12\\x80\\xd1\\x01\\x13\\x00\t\\x06\\x15\\x12\\x81M\\x02\\x13\\x00\\x02\\x19\\x07\\x02\\x15\\x12\\x819\\x01\\x15\\x11\\x81=\\x02\\x1e\\x00\\x1e\\x01\\x15\\x11\\x81=\\x02\\x1e\\x00\\x1e\\x01\\x0e\\x15\\x12\\x81I\\x01\\x15\\x11\\x81=\\x02\\x1e\\x00\\x1e\\x01\\x0e\\x15\\x12\\x819\\x01\\x15\\x11\\x81=\\x02\\x1e\\x00\\x1e\\x01\t\\x15\\x11\\x81=\\x02\\x1e\\x00\\x1e\\x01\t\\x15\\x12\\x81Y\\x02\\x1e\\x00\\x1e\\x01\t\\x07\\x03\\x1e\\x00\\x1e\\x00\\x12\\x80\\x80\n\\x07\\x03\\x12\\x85\\x1d\\x12\\x85!\\x1e\\x00\t \\x02\\x01\\x12\\x83\\xb5\\x12\\x83\\xa9\\x0f\\x15"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-06-28 21:56:15,840",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "d\\x00p\\x00o\\x00i\\x00n\\x00t\\x00 \\x00w\\x00a\\x00s\\x00 \\x00n\\x00o\\x00t\\x00 \\x00f\\x00o\\x00u\\x00n\\x00d\\x00 \\x00i\\x00n\\x00 \\x00t\\x00h\\x00e\\x00 \\x00o\\x00p\\x00e\\x00n\\x00i\\x00d\\x00 \\x00c\\x00o\\x00n\\x00f\\x00i\\x00g\\x00u\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00 \\x00tT\\x00o\\x00k\\x00e\\x00n\\x00 \\x00e\\x00n\\x00d\\x00p\\x00o\\x00i\\x00n\\x00t\\x00 \\x00w\\x00a\\x00s\\x00 \\x00n\\x00o\\x00t\\x00 \\x00f\\x00o\\x00u\\x00n\\x00d\\x00 \\x00i\\x00n\\x00 \\x00t\\x00h\\x00e\\x00 \\x00o\\x00p\\x00e\\x00n\\x00i\\x00d\\x00 \\x00c\\x00o\\x00n\\x00f\\x00i\\x00g\\x00u\\x00r\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00 \\x00dI\\x00s\\x00s\\x00u\\x00e\\x00r\\x00 \\x00w\\x00a\\x00s\\x00 \\x00n\\x00o\\x00t\\x00 \\x00f\\x00o\\x00u\\x00n\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x05(\\x00\\x12\\x80\\xa0\\x05(\\x00\\x11\\x81\\x00\\x04(\\x01\\x1c\\x08\\x05(\\x00\\x11\\x81\\x1c\\x0b(\\x00\\x15\\x12\\x81Y\\x02\\x13\\x00\\x13\\x01\t(\\x00\\x15\\x12\\x81a\\x01\\x13\\x00\t(\\x00\\x15\\x12\\x81a\\x01\\x13\\x01\\x06(\\x01\\x13\\x01\\x13\\x00\\x04(\\x01\\x1c\\x1c\\x05(\\x00\\x12\\x81u\\x06\\x08\\x00\\x1d\\x12\\x81\\xdd\\x05\\x08\\x00\\x12\\x81H\\x05\\x08\\x00\\x12\\x81\\x98\\x05\\x08\\x00\\x12\\x81l\\x05(\\x00\\x12\\x82A\t(\\x00\\x15\\x12\\x81\\x8c\\x02\\x1c\\x1c\t(\\x00\\x15\\x12\\x81M\\x02\\x1c\\x1c\t(\\x00\\x15\\x12\\x82\\x1d\\x02\\x1c\\x1c\\x08(\\x00\\x15\\x12\\x82x\\x01\\x1c\\x0b(\\x00\\x15\\x12\\x81Y\\x02\\x0e\\x12\\x81\\x9c\\x04(\\x00\\x1d\\x03\\x04(\\x01\\x03\\x08\\x05\\x08\\x00\\x12\\x81\\xfc\\x05(\\x00\\x11\\x82E\\x05(\\x00\\x11\\x82\\x95\\x05(\\x00\\x12\\x80\\xbd\\x05(\\x00\\x12\\x81\\xec\\x05(\\x00\\x12\\x82,\\x04(\\x00\\x12l\\x07(\\x00\\x15\\x11y\\x01\\x02\t(\\x00\\x15\\x11y\\x01\\x11\\x80\\xec\t(\\x00\\x15\\x11y\\x01\\x11\\x80\\xfc\n(\\x00\\x15\\x12\\x81%\\x01\\x12\\x82\\x1c\n(\\x00\\x15\\x12\\x81%\\x01\\x12\\x82 "
              },
              {
                "name": "Length",
                "value": "63910"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xa8\\x0e.^\\xb8\\xda\\x01\\x00\\xa8\\x0e.^\\xb8\\xda\\x01\\x00\\xa8\\x0e.^\\xb8\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 1207
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-06-28 21:56:15,855",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x00\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1211
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x00\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x00\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00B0:\\x83\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\xce\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x8a\\xec\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00E\\x13\\x01\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "1626"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "Buffer",
                "value": "{C\\x00\\x00\\x04s4\\x00\\x00\\x06*\\x00\\x00\\x00\\x130\\x03\\x00.\\x00\\x00\\x00\\x01\\x00\\x00\\x11\\x02{D\\x00\\x00\\x04o?\\x00\\x00\\x06\n\\x06,\\x1d\\x06\\x8e,\\x19\\x02{C\\x00\\x00\\x04r\\xba\\x06\\x00po\\x99\\x00\\x00\\x06\\x06\\x14\\x16('\\x00\\x00\n\n\\x06*\\xae\\x03\\x8e,\\x1a\\x02{C\\x00\\x00\\x04r\\xe6\\x06\\x00po\\x99\\x00\\x00\\x06\\x03\\x14\\x16((\\x00\\x00\n\\x10\\x01\\x02{D\\x00\\x00\\x04\\x03o@\\x00\\x00\\x06*\\xae\\x02(\"\\x00\\x00\n\\x02\\x03}E\\x00\\x00\\x04\\x02\\x04}G\\x00\\x00\\x04\\x02\\x05%-\\x0c&r\\x82\\x06\\x00ps%\\x00\\x00\nz}F\\x00\\x00\\x04*\\x8a\\x02{F\\x00\\x00\\x04r\\x0e\\x07\\x00po\\x99\\x00\\x00\\x06\\x02{E\\x00\\x00\\x04\\x02{F\\x00\\x00\\x04(O\\x00\\x00\\x06*\\x8a\\x02{E\\x00\\x00\\x04r\\xae\\x06\\x00p(&\\x00\\x00\n\\x02{G\\x00\\x00\\x04\\x02{F\\x00\\x00\\x04s9\\x00\\x00\\x06*\\x130\\x03\\x00l\\x00\\x00\\x00\\x02\\x00\\x00\\x11s\\xab\\x00\\x00\\x06\n\\x06\\x02}\\x9e\\x00\\x00\\x04\\x02"
              },
              {
                "name": "Length",
                "value": "63942"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xf5\\xfb\\xed^\\xb8\\xda\\x01\\x00\\xf5\\xfb\\xed^\\xb8\\xda\\x01\\x00\\xf5\\xfb\\xed^\\xb8\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d8"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-06-28 21:56:15,871",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-06-28 21:56:15,886",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "Xb\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1228
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "Xb\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "Xb\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xd2G\\xbe\\xc9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x000\\x01\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x12O\\x01\\x00\\x00 \\x00\\x00\\x00`\\x01\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x01\\x00\\x00\\x02\\x00\\x00n/\\x02\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "1594"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "Buffer",
                "value": "&~p\\x00\\x00\\x04\\xfe\\x06K\\x03\\x00\\x06s\\x1a\\x00\\x00\n%\\x80s\\x00\\x00\\x04\\x14\\xfe\\x06I\\x00\\x00\\x06s;\\x03\\x00\\x06\\x03(\\x03\\x00\\x00+\n+\\x00\\x06*\\xa6\\x00\\x02\\x03~t\\x00\\x00\\x04%-\\x17&~p\\x00\\x00\\x04\\xfe\\x06L\\x03\\x00\\x06s\\x1b\\x00\\x00\n%\\x80t\\x00\\x00\\x04(\\x04\\x00\\x00+\\x00*\\x00\\x00\\x130\\x03\\x00\\x12\\x00\\x00\\x00\\x05\\x00\\x00\\x11\\x00~\\x10\\x00\\x00\\x04\\x03\\x04oK\\x00\\x00\\x06\n+\\x00\\x06*\\x00\\x00\\x130\\x02\\x00\\x16\\x00\\x00\\x00\\x03\\x00\\x00\\x11\\x00~\\x10\\x00\\x00\\x04\\x03oM\\x00\\x00\\x06(\\xb6\\x00\\x00\\x06\n+\\x00\\x06*\\x00\\x00\\x1b0\\x04\\x00o\\x00\\x00\\x00\\x06\\x00\\x00\\x11sQ\\x03\\x00\\x06\n\\x00\\x06\\x03s\\x1c\\x00\\x00\n}y\\x00\\x00\\x04\\x06\\x14\\xfe\\x06U\\x00\\x00\\x06s7\\x03\\x00\\x06}z\\x00\\x00\\x04\\x06\\xfe\\x06R\\x03\\x00\\x06s\\x1d\\x00\\x00\n\\x0b\\x07(\\x1e\\x00\\x00\n\\x0c\\x00\\x02\\x06{z\\x00\\x00\\x04\\x08(\\x1f\\x00\\x00\n\\x12\\x03oX\\x00\\x00\\x06\\x00\\x03\\x08o\\xde\\x00\\x00\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "Buffer",
                "value": "nal\\x00GetErrorInternal\\x00GetReadAccountErrorInternal\\x00GetSignOutErrorInternal\\x00GetAccountAtInternal\\x00Fatal\\x00hndl\\x00Cancel\\x00System.ComponentModel\\x00get_LogLevel\\x00logLevel\\x00Microsoft.Identity.Client.NativeInterop.dll\\x00get_Item\\x00set_Item\\x00get_OperatingSystem\\x00get_Realm\\x00MSALRUNT"
              },
              {
                "name": "Length",
                "value": "23582"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 1239
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-06-28 21:56:15,902",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " J\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1247
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": " J\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": " J\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00c{(\\x96\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\x18\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xfe6\\x00\\x00\\x00 \\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x02\\x00\\x00F\\x8d\\x00\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "18976"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00m\\xc8\\xc1\\x12$\\xda\\x01\\x00m\\xc8\\xc1\\x12$\\xda\\x01\\x00m\\xc8\\xc1\\x12$\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-06-28 21:56:15,918",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-06-28 21:56:15,933",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-06-28 21:56:15,933",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-06-28 21:56:15,933",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-06-28 21:56:15,933",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\xb9\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1262
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\xb9\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\xb9\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\"\\xbc6\\xdb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\x82\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xa0\\x00\\x00\\x00 \\x00\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x02\\x00\\x00\\x08\\xf2\\x00\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "22978"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00AddSegment\\x00SplitLastSegment\\x00segment\\x00GetRegistryValueFromCurrentUserRoot\\x00TrimStart\\x00Convert\\x00Abort\\x00HttpWebRequest\\x00CreateHttpRequest\\x00set_Timeout\\x00fileExt\\x00MoveNext\\x00System.Text\\x00get_Now\\x00Pow\\x00UriEx\\x00Max\\x00updateMutex\\x00Delay\\x00set_CachePolicy\\x00HttpRequestCachePolicy\\x00cacheP"
              },
              {
                "name": "Length",
                "value": "24558"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x03\\x11\\xa4\\x06R\\xd9\\x01\\x00\\x03\\x11\\xa4\\x06R\\xd9\\x01\\x00\\x03\\x11\\xa4\\x06R\\xd9\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-06-28 21:56:15,949",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 1271
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "X)\t\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1279
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "X)\t\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "X)\t\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00|\\xec\\xe4\\xeb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00&\\x08\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\xdaD\\x08\\x00\\x00 \\x00\\x00\\x00`\\x08\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\t\\x00\\x00\\x02\\x00\\x00)\\xf0\t\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "40978"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-06-28 21:56:15,965",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\xfe\\x06L\\x0b\\x00\\x06s^\\x02\\x00\n%\\x80^\\x12\\x00\\x04*\\x00\\x00\\x00\\x1b0\\x02\\x00:\\x00\\x00\\x00|\\x00\\x00\\x11\\x02-\\x02\\x17*\\x02o.\\x00\\x00\n\n\\x06ut\\x00\\x00\\x01\\x0b\\x07,\\x18\\x07\\x0c\\x06o\\x88\\x00\\x00\n\\x16\\xfe\\x01\r\\xde\\x14\\x08,\\x06\\x08o\\x89\\x00\\x00\n\\xdc\\x06o\\x88\\x00\\x00\n\\x16\\xfe\\x01*\t*\\x00\\x00\\x01\\x10\\x00\\x00\\x02\\x00\\x18\\x00\\x0c$\\x00\n\\x00\\x00\\x00\\x00\\x130\\x01\\x00Q\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0c\\x00\\x00\\x01(\\xa6\\x00\\x00\n(\\xfa\\x01\\x00\n\\x80P\\x0f\\x00\\x04\\xd0S\\x00\\x00\\x01(\\xa6\\x00\\x00\n(\\xfa\\x01\\x00\n\\x80Q\\x0f\\x00\\x04\\xd0T\\x00\\x00\\x01(\\xa6\\x00\\x00\n(\\xfa\\x01\\x00\n\\x80R\\x0f\\x00\\x04\\xd0V\\x00\\x00\\x01(\\xa6\\x00\\x00\n(\\xfa\\x01\\x00\n\\x80S\\x0f\\x00\\x04*:\\x02(W\\x00\\x00\n\\x02\\x03}T\\x0f\\x00\\x04*\\x1e\\x02{T\\x0f\\x00\\x04*:\\x02(a\\x02\\x00\n\\x02\\x03}U\\x0f\\x00\\x04*\\x00\\x1b0\\x05\\x00\\xa1\\x00\\x00\\x00}\\x00\\x00\\x11\\x0e\\x05"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "-rV\\x80\\xb2P\\x01\\x00-rV\\x80<s\\x01\\x00-rV\\x80\t,\\x01\\x00-rV\\x80\\x1a,\\x01\\x00-rV\\x80zz\\x01\\x00-rV\\x80\\x8dq\\x00\\x00-rV\\x80\\xa4k\\x01\\x00-rV\\x80C\\x86\\x00\\x00-rV\\x80\\x99\\x87\\x00\\x00-rV\\x80\\xfa\\x85\\x00\\x00-rV\\x80]\r\\x01\\x00-rV\\x80u\\x8d\\x00\\x00-rV\\x80\\xc3\\xdd\\x00\\x00-rV\\x80\\x144\\x00\\x00-rV\\x80`]\\x00\\x00-rV\\x80\\xce\\xa4\\x00\\x00-rV\\x80\\xe4B\\x00\\x00-rV\\x80\\xd9\\xde\\x00\\x00-rV\\x80\\xf5&\\x01\\x00-rV\\x80\\xc16\\x00\\x00-rV\\x80|\\x9f\\x01\\x00-rV\\x80s\\xc5\\x00\\x00-rV\\x80_4\\x01\\x00-rV\\x80\\x84T\\x00\\x00-rV\\x80;4\\x01\\x00-rV\\x80\\x1b\\xf6\\x00\\x00-rV\\x80\\x13\\x1a\\x00\\x00-rV\\x80\\x98\\xa1\\x01\\x00-rV\\x80\\x83\\x06\\x01\\x00-rV\\x80\\xae\\xed\\x00\\x00-rV\\x80\\xa4\\xb9\\x00\\x00-rV\\x80\\xc6\\xba\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x86\\x08\\x7f\\x04\\x02\\x00r\rU\\x0784\\x01\\x00\\x00\\x00\\x86\\x08\\x92\\x04\\x02\\x00\\xbb\\x92U\\x07A4\\x01\\x00\\x00\\x00\\x86\\x08\\x08\\xbe\\x01\\x00\\xd7\\x00V\\x07I4\\x01\\x00\\x00\\x00\\x86\\x08\\x19\\xbe\\x01\\x00\\xe6\\x01V\\x07R4\\x01\\x00\\x00\\x00\\x86\\x08\\xdc\\xbc\\x01\\x00\\xd7\\x00W\\x07Z4\\x01\\x00\\x00\\x00\\x86\\x08\\xea\\xbc\\x01\\x00\\xe6\\x01W\\x07c4\\x01\\x00\\x00\\x00\\x86\\x08\\xce\\xbc\\x01\\x00\\xd7\\x00X\\x07p4\\x01\\x00\\x00\\x00\\x86\\x08>w\\x02\\x00\\xc2\\x92X\\x07x4\\x01\\x00\\x00\\x00\\x86\\x08$Y\\x02\\x00\\xcd\\x92X\\x07\\x804\\x01\\x00\\x00\\x00\\x86\\x00\\x99|\\x02\\x00)\\x05X\\x07\\x105\\x01\\x00\\x00\\x00\\x86\\x00\\x04$\\x02\\x00\\xa7\\x92Z\\x07P6\\x01\\x00\\x00\\x00\\x86\\x18\\x8bT\\x02\\x00\\x01\\x00[\\x07n6\\x01\\x00\\x00\\x00\\xe6\\x01\\x08k\\x02\\x00\\xd8\\x92[\\x07\\x816\\x01\\x00\\x00\\x00\\xe6\\x01\\xa7\\xea\\x01\\x00\\xe2\\x92]\\x07\\x9e6\\x01\\x00\\x00\\x00\\x86\\x18\\x8bT\\x02\\x00\\x01\\x00^\\x07\\xa66\\x01\\x00\\x00\\x00\\x91\\x18\\xc4T\\x02\\x00\\xde\t^\\x07\\xb26\\x01\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00B2\\xbe\\xb1\\xe3\\x1b\\x00\\x00R\\x00\\x12\\xa8\\xe3\\x1b\\x00\\x00B\\x00Ez\\xe9\\x1b\\x00\\x00\\x03\\x01\\xf9\\xad\\x03\\x1c\\x00\\x00\\xdb\\x00O1\\x04\\x1c\\x00\\x00B\\x00\\x0c\\xa8\t\\x1c\\x00\\x00\\x03\\x01\\xf9\\xad#\\x1c\\x00\\x00\\xc3\\x00\\xb6\\xad)\\x1c\\x00\\x00\\x03\\x01\\xf9\\xadC\\x1c\\x00\\x00R\\x00\\x12\\xa8C\\x1c\\x00\\x00B\\x00Ez\\x83\\x1c\\x00\\x00R\\x00\\x12\\xa8\\x83\\x1c\\x00\\x00B\\x00Ez\\xa3\\x1c\\x00\\x00R\\x00\\x12\\xa8\\xa3\\x1c\\x00\\x00B\\x00Ez\\xc3\\x1c\\x00\\x00R\\x00\\x12\\xa8\\xc9\\x1c\\x00\\x00\\x03\\x01H\\xb0\\xe3\\x1c\\x00\\x00R\\x00\\x0c\\xa8\\xe9\\x1c\\x00\\x00\\x03\\x01m\\xb0\\x03\\x1d\\x00\\x00R\\x00\\x0c\\xa8\\x03\\x1d\\x00\\x00B\\x00Ez\t\\x1d\\x00\\x00\\x03\\x01\\xed\\xb1$\\x1d\\x00\\x00B\\x00\\x0c\\xa8C\\x1d\\x00\\x00R\\x00\\x12\\xa8c\\x1d\\x00\\x00\\x0b\\x00O1 \\x1e\\x00\\x00\\xab\\x00O1@\\x1e\\x00\\x00\\xab\\x00O1D\\x1e\\x00\\x00\\xf3\\x00O1\\x83\\x1e\\x00\\x00R\\x00\\x12\\xa8\\xa3\\x1e\\x00\\x00R\\x00\\x12\\xa8\\xa3\\x1e\\x00\\x00B\\x00Ez\\xc4\\x1e\\x00\\x00\\xf3\\x00O1C\\x1f"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "STATE_CREATED\\x00ERROR_ADDRESS_NOT_ASSOCIATED\\x00ERROR_VID_NOTIFICATION_QUEUE_ALREADY_ASSOCIATED\\x00ERROR_ADDRESS_ALREADY_ASSOCIATED\\x00ERROR_FAIL_REBOOT_INITIATED\\x00ERROR_SUCCESS_REBOOT_INITIATED\\x00ERROR_TRANSACTION_INTEGRITY_VIOLATED\\x00ERROR_CLUSTER_NODE_ISOLATED\\x00ERROR_FI"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "_IN_PROGRESS\\x00ERROR_OPERATION_IN_PROGRESS\\x00ERROR_FILE_METADATA_OPTIMIZATION_IN_PROGRESS\\x00ERROR_CLUSTER_DATABASE_TRANSACTION_IN_PROGRESS\\x00ERROR_VOLMGR_TRANSACTION_IN_PROGRESS\\x00ERROR_NO_SHUTDOWN_IN_PROGRESS\\x00ERROR_SERVER_SHUTDOWN_IN_PROGRESS\\x00ERROR_SHUTDOWN_IN_PROG"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00splitNodes\\x00get_DependencyNodes\\x00dependencyNodes\\x00nodes\\x00Microsoft.VisualStudio.Setup.Cache.IInstance.Packages\\x00Microsoft.VisualStudio.Setup.Cache.IInstance.get_Packages\\x00GetAllCachedPackages\\x00Microsoft.VisualStudio.Setup.Cache.IErrorState.FailedPackages\\x00Microso"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "#\\x00\\x00\\x04.#\\x00\\x00\\x04/#\\x00\\x00\\x040#\\x00\\x00\\x041#\\x00\\x00\\x042#\\x00\\x00\\x048#\\x00\\x00\\x049#\\x00\\x00\\x04:#\\x00\\x00\\x04\\x8c#\\x00\\x00\\x04\\x8d#\\x00\\x00\\x04\\x8e#\\x00\\x00\\x04\\x8f#\\x00\\x00\\x04\\x90#\\x00\\x00\\x04\\x91#\\x00\\x00\\x04\\x92#\\x00\\x00\\x04\\x93#\\x00\\x00\\x04\\x94#\\x00\\x00\\x04\\x95#\\x00\\x00\\x04\\x96#\\x00\\x00\\x04\\x97#\\x00\\x00\\x04\\x98#\\x00\\x00\\x04\\x99#\\x00\\x00\\x04\\x9a#\\x00\\x00\\x04\\x9b#\\x00\\x00\\x04\\x9c#\\x00\\x00\\x04\\x9d#\\x00\\x00\\x04\\x9e#\\x00\\x00\\x04\\x9f#\\x00\\x00\\x04\\xa0#\\x00\\x00\\x04\\xa1#\\x00\\x00\\x04\\xa2#\\x00\\x00\\x04\\xa3#\\x00\\x00\\x04\\xa4#\\x00\\x00\\x04\\xa5#\\x00\\x00\\x04\\xa6#\\x00\\x00\\x04\\xa7#\\x00\\x00\\x04\\xa8#\\x00\\x00\\x04\\xa9#\\x00\\x00\\x04\\xaa#\\x00\\x00\\x04\\x1c%\\x00\\x00\\x04\\x1e%\\x00\\x00\\x04\\x1f%\\x00\\x00\\x04 %\\x00\\x00\\x04!%\\x00\\x00\\x04N%\\x00\\x00\\x04O%\\x00\\x00\\x04P%\\x00\\x00\\x04Q%\\x00\\x00\\x04R%\\x00\\x00\\x04S%\\x00\\x00\\x04T%"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00e\\x01\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00f\\x01\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00g\\x01\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00h\\x01\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x91\\x00\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\x90\\x00\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x92\\x00\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x93\\x00\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\x94\\x00\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\x95\\x00\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\xb6\\x04\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\xb5\\x04\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\xb7\\x04\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\xb8\\x04\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\xb9\\x04\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\xba\\x04\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\xbb\\x04\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\xbc\\x04\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\xbd\\x04\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00\\xcd\\x04\\x00\\x18\\x00\\x00\\x00\\xc8\\x01\\x00\\x00\\x00\\xcc\\x04\\x00\\x18\\x00\\x00\\x00\\xc0\\x01\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "35142"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x822\\x90\\x8b\\x10\\xdc\\x01\\x00\\x822\\x90\\x8b\\x10\\xdc\\x01\\x00\\x822\\x90\\x8b\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00ca7d88",
            "parentcaller": "0x00cb3b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x009a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "3636",
            "caller": "0x00ca7d88",
            "parentcaller": "0x00cb3b50",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ee3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-06-28 21:56:15,980",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xeb\\x16\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1314
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xeb\\x16\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xeb\\x16\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xf3f\\x95\\x9c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00N\\x16\\x00\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x9eh\\x16\\x00\\x00 \\x00\\x00\\x00\\x80\\x16\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x17\\x00\\x00\\x02\\x00\\x00\\x10\\xaf\\x17\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "30394"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x06oF\\x02\\x00\n(\\x10\t\\x00\\x06\\x13\\x07\\x04,'\\x04oG\\x02\\x00\n\\x11\\x06oG\\x02\\x00\n\\x19o\\x01\\x01\\x00\n-$(D\\x05\\x00\\x06\\x11\\x07(\\xc9\\x00\\x00\ns\\x08\\x01\\x00\nz(D\\x05\\x00\\x06\\x11\\x07(\\xc9\\x00\\x00\ns\\x08\\x01\\x00\nz\\x04,O\\x04oH\\x02\\x00\n(\\x0c\\x01\\x00\n-B\\x03\\x16(I\\x02\\x00\n(J\\x02\\x00\n\\x04oH\\x02\\x00\n\\x16(I\\x02\\x00\n(J\\x02\\x00\n\\x13\\x08\\x11\\x08\\x19(\\xf1\\x01\\x00\n-\\x19(\\xa3\\x05\\x00\\x06\\x03\\x11\\x08\\x04oG\\x02\\x00\n([\\x01\\x00\ns\\x08\\x01\\x00\nz*\\x00\\x00\\x01\\x10\\x00\\x00\\x02\\x00\\xdd\\x00\\x0c\\xe9\\x00\\x0b\\x00\\x00\\x00\\x00\\x130\\x03\\x00\\xae\\x00\\x00\\x00\\x98\\x00\\x00\\x11\\x0f\\x00\\xfe\\x16\\xae\\x00\\x00\\x01o\\x7f\\x00\\x00\n\n\\x02\\x17@\\x89\\x00\\x00\\x00\\x039\\x83\\x00\\x00\\x00\\x03\\x17(K\\x02\\x00\n\\x0b\\x07,0~L\\x02\\x00\n\\x07\\x04oM\\x02\\x00\n,\"\\x07o\\x85\\x01\\x00\n\\x04oN\\x02\\x00\n(i\\x01\\x00\n-"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x11\\x02{\\x0f\\x04\\x00\\x04o\\xe3\\x07\\x00\\x06\\x03\\x16oQ\\x05\\x00\n\r\\x03\\x04\\x02{\\x0f\\x04\\x00\\x04\\x02{\\x12\\x04\\x00\\x04%-\\x04&\\x16+\\x05o\\xd3\\x03\\x00\\x06(O\t\\x00\\x06,a\\x02{\\x0f\\x04\\x00\\x04\\x03\\x16s\\x10\\x17\\x00\\x06\n\\x02{\\x0f\\x04\\x00\\x04\\x03\\x02{\\x16\\x04\\x00\\x04\\x16s+\\x16\\x00\\x06%\\x02{\\x12\\x04\\x00\\x04o/\\x16\\x00\\x06\\x0b\\x07\\x0e\\x05o\\xd4\\x16\\x00\\x06\\x02{\\x0f\\x04\\x00\\x04\\x02(\\x11\\x05\\x00\\x06\\x07\\x0e\\x04\\x03\\x04\\x05s \\x02\\x00\nsf\\x16\\x00\\x06%\\x02{\\x12\\x04\\x00\\x04oi\\x16\\x00\\x06\\x0c+'\\x14\n\\x14\\x0b\\x02{\\x0f\\x04\\x00\\x04\\x0e\\x04\\x03\\x04\t\\x05s \\x02\\x00\nsg\\x16\\x00\\x06%\\x02{\\x12\\x04\\x00\\x04oi\\x16\\x00\\x06\\x0csd\\x19\\x00\\x06%\\x06o_\\x19\\x00\\x06%\\x07oa\\x19\\x00\\x06%\\x08oc\\x19\\x00\\x06*\\x00\\x130\\x03\\x00y\\x00\\x00\\x00Q\\x01\\x00\\x11\\x02{\\x10\\x04\\x00\\x04%-\\x04&\\x14+\\x05(R\\x05\\x00\n\n\\x02{\\x10\\x04\\x00\\x04%"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x02\\x03\\x04(&\t\\x00\\x06\\x0b\\x02\\x03\\x07(+\t\\x00\\x06+\\xc3*\\x00\\x00\\x130\\x03\\x00\\x1f\\x00\\x00\\x00\\xf7\\x01\\x00\\x11 \\x02\\x00\\x00\\xf0\n\\x02\\x03\\x06(/\t\\x00\\x06\\x02\\x03\\x1a(/\t\\x00\\x06\\x02\\x03\\x04(/\t\\x00\\x06*\\x00\\x130\\x04\\x00\\x1b\\x00\\x00\\x00\\xa8\\x01\\x00\\x11\\x1a\\x8d8\\x02\\x00\\x01\n\\x03\\x06\\x16\\x06\\x8eioU\\x04\\x00\n&\\x06\\x16(\\x83\\x07\\x00\n*\\x00\\x130\\x04\\x00'\\x00\\x00\\x00\\xa8\\x01\\x00\\x11\\x02\\x03(,\t\\x00\\x06\\x18Z\\x8d8\\x02\\x00\\x01\n\\x03\\x06\\x16\\x06\\x8eioU\\x04\\x00\n&(}\\x06\\x00\n\\x06o\\x8a\\x06\\x00\n*B\\x04\\x02\\x03(,\t\\x00\\x06T\\x03o\\x84\\x07\\x00\n*\\x130\\x04\\x00\\x13\\x00\\x00\\x00\\xa8\\x01\\x00\\x11\\x04(\\x85\\x07\\x00\n\n\\x03\\x06\\x16\\x06\\x8eioQ\\x04\\x00\n*\\x00\\x1b0\\x02\\x00.\\x00\\x00\\x00\\xf8\\x01\\x00\\x11\\x04o\\x86\\x07\\x00\n,%\\x03\n\\x16\\x0b\\x06\\x12\\x01(\\x86\\x01\\x00\n\\x03\\x04o\\x86\\x07\\x00\no\\x87\\x07\\x00\n&\\xde\n\\x07,\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\n(\\x9e\\x01\\x00+*\\xea\\x02{-\\x08\\x00\\x04o.\\x14\\x00\\x06~\\xb0\\x10\\x00\\x04%-\\x17&~\\xaf\\x10\\x00\\x04\\xfe\\x06\\xc1\\x1a\\x00\\x06s\\x7f\t\\x00\n%\\x80\\xb0\\x10\\x00\\x04(\\x9f\\x01\\x00+~}\t\\x00\n(\\x9d\\x01\\x00+*\\x130\\x02\\x00G\\x00\\x00\\x00\\x9b\\x02\\x00\\x11\\x12\\x00(q\\x01\\x00\n}\\xb3\\x10\\x00\\x04\\x12\\x00\\x02}\\xb4\\x10\\x00\\x04\\x12\\x00\\x03}\\xb5\\x10\\x00\\x04\\x12\\x00\\x04}\\xb6\\x10\\x00\\x04\\x12\\x00\\x15}\\xb2\\x10\\x00\\x04\\x12\\x00|\\xb3\\x10\\x00\\x04\\x12\\x00(\\xa0\\x01\\x00+\\x12\\x00|\\xb3\\x10\\x00\\x04(s\\x01\\x00\n*6\\x02{-\\x08\\x00\\x04\\x03o0\\x14\\x00\\x06*\\x00\\x00\\x00\\x130\\x02\\x00?\\x00\\x00\\x00\\x9c\\x02\\x00\\x11\\x12\\x00(q\\x01\\x00\n}\\xc1\\x10\\x00\\x04\\x12\\x00\\x02}\\xc2\\x10\\x00\\x04\\x12\\x00\\x03}\\xc3\\x10\\x00\\x04\\x12\\x00\\x15}\\xc0\\x10\\x00\\x04\\x12\\x00|\\xc1\\x10\\x00\\x04\\x12\\x00(\\xa1\\x01\\x00+\\x12\\x00|\\xc1\\x10\\x00\\x04(s\\x01\\x00\n*\\x00\\x130\\x02\\x00G\\x00\\x00\\x00\\x9d\\x02\\x00\\x11\\x12\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-06-28 21:56:15,996",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-06-28 21:56:16,011",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "*\\x00\\x130\\x02\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(x\\x00\\x00\n\\x02\\x03{\\x1d\\x0b\\x00\\x04}\\x1d\\x0b\\x00\\x04\\x02\\x03{\\x1e\\x0b\\x00\\x04}\\x1e\\x0b\\x00\\x04\\x02\\x03{\\x1f\\x0b\\x00\\x04}\\x1f\\x0b\\x00\\x04\\x02\\x03{ \\x0b\\x00\\x04} \\x0b\\x00\\x04\\x02\\x03{!\\x0b\\x00\\x04}!\\x0b\\x00\\x04**\\x02\\x03\\x04\\x05(\\xec\\x03\\x00\n*.\\xd0\\xa2\\x02\\x00\\x02(\\xfe\\x01\\x00\n*\\x1e\\x02{\"\\x0b\\x00\\x04*\"\\x02\\x03}\"\\x0b\\x00\\x04*\\x1e\\x02{#\\x0b\\x00\\x04*\"\\x02\\x03}#\\x0b\\x00\\x04*\\x1e\\x02{$\\x0b\\x00\\x04*\"\\x02\\x03}$\\x0b\\x00\\x04*\\x1e\\x02{%\\x0b\\x00\\x04*\"\\x02\\x03}%\\x0b\\x00\\x04*\\x1e\\x02{&\\x0b\\x00\\x04*\"\\x02\\x03}&\\x0b\\x00\\x04*\\x1e\\x02{'\\x0b\\x00\\x04*\"\\x02\\x03}'\\x0b\\x00\\x04*\\x130\\x02\\x00@\\x00\\x00\\x00\\xd6\\x00\\x00\\x11s\\xe7\\x03\\x00\n\n\\x06r\\xa8\\xba\\x01po\\xe8\\x03\\x00\n&\\x06r\\xc6B\\x00po\\xe8\\x03\\x00\n&\\x02\\x06o6\\x12\\x00\\x06,"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-06-28 21:56:16,011",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-06-28 21:56:16,011",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "{\\xb8\\x0c\\x00\\x04(m\\x00\\x00+o\\xfa\\x05\\x00\\x06\\x06\\x02{\\xb6\\x0c\\x00\\x04os\\x04\\x00\\x06\\x17o\\xb0\\x03\\x00\n\\x13\r\\x11\\x0co\\xfb\\x05\\x00\\x06%-\\x03&+\\x05(\\x0c\\x0e\\x00\n\\x11\\x0co\\xf9\\x05\\x00\\x06%-\\x03&+\\x05(\\x0c\\x0e\\x00\n\\x11\\x04\\x11\r\\x11\\x0co\r\\x0e\\x00\n\\x11\r(\\xb9\\x03\\x00\n\\xde\\x18\\x11\r,\\x07\\x11\ro/\\x00\\x00\n\\xdc\\x11\\x0b,\\x07\\x11\\x0bo/\\x00\\x00\n\\xdc*\\x00\\x00A\\x94\\x00\\x00\\x02\\x00\\x00\\x00\\xd2\\x01\\x00\\x008\\x00\\x00\\x00\n\\x02\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xc0\\x00\\x00\\x00V\\x01\\x00\\x00\\x16\\x02\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xa9\\x02\\x00\\x00\\x14\\x00\\x00\\x00\\xbd\\x02\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00k\\x02\\x00\\x00^\\x00\\x00\\x00\\xc9\\x02\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00I\\x03\\x00\\x008\\x00\\x00\\x00\\x81\\x03\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfd\\x02\\x00\\x00\\x90\\x00\\x00\\x00\\x8d\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-06-28 21:56:16,011",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x12\\x08\\x02(\\xf2\\x02\\x00+\\xddy\\x01\\x00\\x00\\x02{\\xa6\\x11\\x00\\x04\\x13\\x08\\x02|\\xa6\\x11\\x00\\x04\\xfe\\x15\\xa6\\x03\\x00\\x1b\\x02\\x15%\n}\\x99\\x11\\x00\\x04\\x12\\x08(\\xc1\\x0f\\x00\n\\x13\\x07\\x11\\x07,\\x0f\\x02{\\xa1\\x11\\x00\\x04\\x11\\x07o\\xc2\\x0f\\x00\n+\\x17\\x02{\\xa2\\x11\\x00\\x04\\x02{\\xa5\\x11\\x00\\x04\\x17sP\\x0b\\x00\\x06o\\xc3\\x0f\\x00\n\\x02\\x14}\\xa5\\x11\\x00\\x04\\x02{\\xa4\\x11\\x00\\x04o0\\x00\\x00\n:\\x11\\xff\\xff\\xff\\xde\\x18\\x06\\x16/\\x13\\x02{\\xa4\\x11\\x00\\x04,\\x0b\\x02{\\xa4\\x11\\x00\\x04o/\\x00\\x00\n\\xdc\\x02\\x14}\\xa4\\x11\\x00\\x04\\xde\\x18\\x06\\x16/\\x13\\x02{\\xa3\\x11\\x00\\x04,\\x0b\\x02{\\xa3\\x11\\x00\\x04o/\\x00\\x00\n\\xdc\\x02\\x14}\\xa3\\x11\\x00\\x04\\x02{\\xa1\\x11\\x00\\x04~\\x87\\x11\\x00\\x04%-\\x17&~\\x86\\x11\\x00\\x04\\xfe\\x06a\\x1b\\x00\\x06s\\xc4\\x0f\\x00\n%\\x80\\x87\\x11\\x00\\x04(\\xf3\\x02\\x00+~\\x88\\x11\\x00\\x04%-\\x17&~\\x86\\x11\\x00\\x04\\xfe\\x06b\\x1b\\x00\\x06s\\xc5\\x0f\\x00\n%\\x80\\x88\\x11\\x00\\x04"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "`\\x06\\xc5\\x08\\x80\\x01\\x10\\x00\\x9a\\xda\\x01\\x00G\\x08\\x03\\x00m\\x00`\\x06\\xc7\\x08\\x80\\x01\\x10\\x00\\xcb\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00`\\x06\\xc8\\x08\\x80\\x01\\x10\\x00z\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00`\\x06\\xc9\\x08\\x80\\x01\\x10\\x00\\x9bN\\x02\\x00G\\x08\\x03\\x00m\\x00a\\x06\\xcb\\x08\\x80\\x01\\x10\\x00\\x93\\xda\\x01\\x00G\\x08\\x03\\x00m\\x00d\\x06\\xd3\\x08\\x00\\x00\\x10\\x00\\x92\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00d\\x06\\xdb\\x08\\x80\\x01\\x10\\x00\\xdd\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00d\\x06\\xdf\\x08\\x01\\x00\\x10\\x00\\xcfp\\x02\\x00G\\x08\\x03\\x00m\\x00d\\x06\\xe0\\x08\\x80\\x01\\x10\\x00\\x9e\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00d\\x06\\xe4\\x08\\x00\\x00\\x10\\x00\\xeb\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00f\\x06\\xef\\x08\\x00\\x00\\x10\\x000}\\x02\\x00G\\x08\\x03\\x00m\\x00f\\x06\\xf1\\x08\\x80\\x01\\x10\\x00\\xbb\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00h\\x06\\xfa\\x08\\x00\\x00\\x10\\x00\\x8b9\\x00\\x00G\\x08\\x03\\x00m\\x00k\\x06\\x04\t\\x00\\x00\\x10\\x00l\\x08\\x03\\x00G\\x08\\x03\\x00m\\x00o\\x06\r\t"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "r\\x9e\\x01\\x00\\x19\\x05\\x00\\x00\\x06\\x00-\\xdf\\x02\\x00\\xbfB\\x00\\x00\\x01\\x00\\xc76\\x00\\x00\\x1f\\xe3\\x00\\x00\\x06\\x00\\x05\\x90\\x01\\x00W\t\\x00\\x00\\x06\\x00p.\\x02\\x00\t\\xd8\\x00\\x00\\x06\\x00\\xb3\\x8a\\x02\\x00\\x01\\xe3\\x00\\x00\\x06\\x00\\x9fj\\x02\\x00Y\\xcc\\x00\\x00\\x01\\x00\\xc76\\x00\\x00/\\xb9\\x00\\x00\\x01\\x00.Q\\x00\\x00I\\xe4\\x00\\x00\\x06\\x00\\x05\\x90\\x01\\x00W\t\\x00\\x00\\x06\\x00p.\\x02\\x00)\\xd8\\x00\\x00\\x06\\x00\\xb3\\x8a\\x02\\x00\\x01\\xe3\\x00\\x00\\x06\\x00Q\\xc3\\x01\\x00\\x19\\x05\\x00\\x00\\x01\\x00\\xc76\\x00\\x00\\x1f\\xe3\\x00\\x00\\x06\\x00\\x05\\x90\\x01\\x00W\t\\x00\\x00\\x06\\x00p.\\x02\\x00)\\xd8\\x00\\x00\\x06\\x00\\xb3\\x8a\\x02\\x00\\x01\\xe3\\x00\\x00\\x06\\x00\\xfa\\xca\\x01\\x00\\xd7\\xca\\x00\\x00\\x01\\x00\\xc76\\x00\\x00\\x1f\\xe3\\x00\\x00\\x06\\x00\\x05\\x90\\x01\\x00W\t\\x00\\x00\\x06\\x00p.\\x02\\x00)\\xd8\\x00\\x00\\x06\\x00!r\\x01\\x00\\x19\\x05\\x00\\x00\\x06\\x00\\xb3\\x8a\\x02\\x00\\x01\\xe3\\x00\\x00\\x01\\x00\\xc76\\x00\\x00/\\xb9\\x00\\x00\\x06\\x00\\x05\\x90\\x01\\x00W\t\\x00\\x00\\x06\\x00p.\\x02\\x00)\\xd8"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x03\\x00\\x00\\x00\\x86\\x00\\x82\\xcf\\x01\\x00\\xe3\\x1c\\x01\\x00\\xfe\\x0f6\\xbb\\x03\\x00\\x00\\x00\\x81\\x00u\\x86\\x01\\x00\\x15\\x00\\x00\\x00\\xfe\\x0fU\\xbb\\x03\\x00\\x00\\x00\\xe6\\x01u\\x86\\x01\\x00\\x01\\x00\\x00\\x00\\xff\\x0fd\\xbb\\x03\\x00\\x00\\x00\\x86\\x18\\x93X\\x02\\x00\\x01\\x00\\x00\\x00\\xff\\x0fw\\xbb\\x03\\x00\\x00\\x00\\x86\\x18\\x93X\\x02\\x00\\x11\\x0e\\x01\\x00\\xff\\x0f\\x82\\xbb\\x03\\x00\\x00\\x00\\x96\\x00\\x986\\x02\\x00\\xe9\\x1c\\x01\\x00\\x02\\x10\\xb4\\xbb\\x03\\x00\\x00\\x00\\xc6\\x00\\xf2M\\x02\\x00\\xad\n\\x00\\x00\\x07\\x10\\xf4\\xbb\\x03\\x00\\x00\\x00\\xc6\\x00\\x04N\\x01\\x007\\x05\\x00\\x00\n\\x10\\xf6\\xbb\\x03\\x00\\x00\\x00\\xc6\\x00\\xcc\\x85\\x01\\x007\\x05\\x00\\x00\\x0c\\x10\\xf8\\xbb\\x03\\x00\\x00\\x00\\xc6\\x00\\x13\\xaa\\x01\\x007\\x05\\x00\\x00\\x0e\\x10\\xfc\\xbb\\x03\\x00\\x00\\x00\\x96\\x001\\xe3\\x00\\x00\\xf6\\x1c\\x01\\x00\\x10\\x10l\\xbc\\x03\\x00\\x00\\x00\\x96\\x00\\x16\\xe3\\x00\\x00\\x03\\x1d\\x01\\x00\\x13\\x10\\xbc\\xbc\\x03\\x00\\x00\\x00\\x96\\x00H\\xe3\\x00\\x00\\x0c\\x1d\\x01\\x00\\x16\\x10\\xdc\\xbc\\x03\\x00\\x00\\x00\\x96\\x00\\x19\\x01\\x02\\x00\\x17\\x1d\\x01\\x00\\x19\\x10\\x84\\xbd\\x03\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "W\\x8c\\x06\\x00\\x00\\x00\\x96\\x08\\xac\\x07\\x03\\x005@\\x01\\x00\\xdf\\x1cl\\x8c\\x06\\x00\\x00\\x00\\xc6\\x00\\xceA\\x01\\x00h\\x05\\x00\\x00\\xe1\\x1c\\xce\\x8c\\x06\\x00\\x00\\x00\\xc6\\x00\\xdb\\x8d\\x02\\x00Z*\\x00\\x00\\xe1\\x1c\\xdc\\x8c\\x06\\x00\\x00\\x00\\xc6\\x01\\xdb\\x8d\\x02\\x00?@\\x01\\x00\\xe2\\x1cM\\x8d\\x06\\x00\\x00\\x00\\xc6\\x01\\x01\\x00\\x00\\x00F@\\x01\\x00\\xe3\\x1cU\\x8d\\x06\\x00\\x00\\x00\\x84\\x18\\x93X\\x02\\x00L@\\x01\\x00\\xe3\\x1c\\x81\\x8d\\x06\\x00\\x00\\x00\\x83\\x18\\x93X\\x02\\x00S@\\x01\\x00\\xe4\\x1c\\xb4\\x8d\\x06\\x00\\x00\\x00\\xc4\\x00\\xe3\\xa4\\x01\\x00\\x01\\x00\\x00\\x00\\xe7\\x1c\\x04\\x8e\\x06\\x00\\x00\\x00\\x86\\x08\\x91\\xe1\\x00\\x00\\xcd\\x00\\x00\\x00\\xe7\\x1c\\x0c\\x8e\\x06\\x00\\x00\\x00\\x81\\x08\\xa0\\xe1\\x00\\x00\\x15\\x00\\x00\\x00\\xe7\\x1c\\x15\\x8e\\x06\\x00\\x00\\x00\\x83\\x08\\x17\\xd2\\x02\\x00h\\x05\\x00\\x00\\xe8\\x1c\\x1d\\x8e\\x06\\x00\\x00\\x00\\x83\\x08!\\xd2\\x02\\x00\\x05\\x00\\x00\\x00\\xe8\\x1c&\\x8e\\x06\\x00\\x00\\x00\\x83\\x08)6\\x01\\x00\\xcd\\x00\\x00\\x00\\xe9\\x1c.\\x8e\\x06\\x00\\x00\\x00\\x83\\x08C6\\x01\\x00\\x15\\x00\\x00\\x00\\xe9\\x1c8\\x8e\\x06\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\xcf\\xec\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\n\\xd0\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\x95\\xd9\\x02\\x00\\x01\\x00\\x01\\x00\\xb9\\xb3\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\n\\xd0\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00=\\xbf\\x01\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\x8c\\xc3\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\xb9\\xfe\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\xcf\\xec\\x02\\x00\\x01\\x00\\x01\\x00\\x10'\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\n\\xd0\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\x95\\xd9\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\n\\xd0\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\x95\\xd9\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\xcf\\xec\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\\x98B\\x02\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x01 \\x01\\x00\n\\xd0\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x0c\\xbf\\x00\\x00\\x12\\x00\\xdd`\\x0c\\xbf\\x00\\x00\\x12\\x00ia\\x0c\\xbf\\x00\\x00\\x02\\x00ma\\xb6\\xbe\\x00\\x00\\x12\\x00\\xa9a\\x0c\\xbf\\x00\\x00\\x12\\x00\\xb1a\\x0c\\xbf\\x00\\x00\\x12\\x00\\xb5a\\x0c\\xbf\\x00\\x00\\x02\\x00\\xb9a\\xb6\\xbe\\x00\\x00\\x12\\x00\\xbda\\x0c\\xbf\\x00\\x00\\x12\\x00\\xd1a\\x0c\\xbf\\x00\\x00\\x12\\x00\\xd9a\\x0c\\xbf\\x00\\x00\\x12\\x00\\xe5a\\x0c\\xbf\\x00\\x00\\x02\\x00\\xf1a\\xb6\\xbe\\x00\\x00\\x12\\x00\\xf5a\\x0c\\xbf\\x00\\x00\\x12\\x00\\x01b\\x0c\\xbf\\x00\\x00\\x12\\x00}b\\x0c\\xbf\\x00\\x00\\x12\\x00\\x85b\\x0c\\xbf\\x00\\x00\\x12\\x00\\x89b\\x0c\\xbf\\x00\\x00\\x12\\x00\tc\\x0c\\xbf\\x00\\x00\\x12\\x00\\x15c\\x0c\\xbf\\x00\\x00\\x12\\x00\\x1dc\\x0c\\xbf\\x00\\x00\\x12\\x00%c\\x0c\\xbf\\x00\\x00\\x12\\x00)c\\x0c\\xbf\\x00\\x00\\x08\\x00\\x99c\\x11\\xbf\\x00\\x00\\x12\\x00\\xedc\\x0c\\xbf\\x00\\x00\\x12\\x00-d\\x0c\\xbf\\x00\\x00\\x12\\x005d\\x0c\\xbf\\x00\\x00\\x02\\x00\\xc9d\\xb6\\xbe\\x00\\x00\\x12\\x00\\xd9d\\x0c\\xbf\\x00\\x00\\x02\\x00\\xe5d\\xb4\\xbe\\x00\\x00\\x02\\x00\\x05e\\xb6\\xbe\\x00\\x00\\x02\\x00\te\\xb6\\xbe\\x00\\x00\\x12\\x00ie"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "!\\x87\\x02\\x00B\\x00,\\xe8\\x00\\x00A\\x87\\x02\\x00B\\x00,\\xe8\\x00\\x00\\x81\\x87\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xa1\\x87\\x02\\x00J\\x002\\xe8\\x00\\x00\\xe1\\x87\\x02\\x00B\\x00,\\xe8\\x00\\x00\\x01\\x88\\x02\\x00B\\x00,\\xe8\\x00\\x00!\\x88\\x02\\x00B\\x00,\\xe8\\x00\\x00a\\x88\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xc1\\x88\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xe0\\x88\\x02\\x00R\\x00'~\\x01\\x00\\xe1\\x88\\x02\\x00B\\x00,\\xe8\\x00\\x00!\\x89\\x02\\x00B\\x00,\\xe8\\x00\\x00\\x81\\x89\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xa1\\x89\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xc1\\x89\\x02\\x00B\\x00,\\xe8\\x00\\x00\\x01\\x8a\\x02\\x00B\\x00,\\xe8\\x00\\x00!\\x8a\\x02\\x00J\\x002\\xe8\\x00\\x00A\\x8a\\x02\\x00B\\x00,\\xe8\\x00\\x00a\\x8a\\x02\\x00B\\x00,\\xe8\\x00\\x00\\x81\\x8a\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xa1\\x8a\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xc1\\x8a\\x02\\x00B\\x00,\\xe8\\x00\\x00a\\x8b\\x02\\x00B\\x00,\\xe8\\x00\\x00\\xa1\\x8b\\x02\\x00B\\x00,\\xe8\\x00\\x00\\x01\\x8c\\x02\\x00B\\x00,\\xe8\\x00\\x00!\\x8c\\x02\\x00B\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "c\\x04\\xea\\x01d\\x04\\xea\\x01e\\x04\\x03\\x02f\\x04\r\\x02g\\x04\\x0e\\x02h\\x04\\x10\\x02i\\x04\\x10\\x02j\\x04\\x10\\x02k\\x04\\x10\\x02l\\x04\\x10\\x02m\\x04\\x10\\x02n\\x04\\x10\\x02o\\x04\\x10\\x02p\\x04\\x10\\x02q\\x04\\x10\\x02r\\x04\\x14\\x02s\\x04L\\x02t\\x04L\\x02u\\x04L\\x02v\\x04O\\x02w\\x04U\\x02x\\x04U\\x02y\\x04V\\x02z\\x04V\\x02{\\x04V\\x02|\\x04Y\\x02}\\x04Y\\x02~\\x04Z\\x02\\x7f\\x04_\\x02\\x80\\x04_\\x02\\x81\\x04g\\x02\\x82\\x04h\\x02\\x83\\x04i\\x02\\x84\\x04i\\x02\\x85\\x04i\\x02\\x86\\x04l\\x02\\x87\\x04l\\x02\\x88\\x04n\\x02\\x89\\x04t\\x02\\x8a\\x04{\\x02\\x8b\\x04{\\x02\\x8c\\x04\\x9f\\x02\\x8d\\x04\\x9f\\x02\\x8e\\x04\\x9f\\x02\\x8f\\x04\\x9f\\x02\\x90\\x04\\x9f\\x02\\x91\\x04\\x9f\\x02\\x92\\x04\\x9f\\x02\\x93\\x04\\x9f\\x02\\x94\\x04\\x9f\\x02\\x95\\x04\\x9f\\x02\\x96\\x04\\x9f\\x02\\x97\\x04\\x9f\\x02\\x98\\x04\\x9f\\x02\\x99\\x04\\x9f\\x02\\x9a\\x04\\x9f\\x02\\x9b\\x04\\x9f\\x02\\x9c\\x04\\x9f\\x02\\x9d\\x04\\x9f\\x02\\x9e\\x04\\x9f\\x02\\x9f\\x04\\x9f\\x02\\xa0\\x04\\x9f\\x02\\xa1\\x04\\x9f\\x02\\xa2\\x04\\x9f\\x02"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "HyperVSupported\\x00isHyperVSupported\\x00set_Supported\\x00IsProductArchSupported\\x00<0>__IsSupported\\x00get_HyperVNotSupported\\x00get_ContainerNotSupported\\x00supported\\x00get_Requested\\x00set_Requested\\x00ThrowIfCancellationRequested\\x00get_IsCancellationRequested\\x00set_UpdateSelectionReque"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-06-28 21:56:16,027",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "eam\\x00CopyStream\\x00MemoryStream\\x00stream\\x00ValidatePackageParam\\x00get_DefaultProgram\\x00set_DefaultProgram\\x00InstallDefaultProgram\\x00UninstallDefaultProgram\\x00GetDefaultProgram\\x00CabAllocMem\\x00CabFreeMem\\x00ReAllocCoTaskMem\\x00FreeCoTaskMem\\x00get_Item\\x00set_Item\\x00get_FocusedItem\\x00FileItem\\x00I"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "lingDisplayText\\x00get_CleaningDisplayText\\x00get_VerifyingDisplayText\\x00dwUIContext\\x00get_CurrentDownloadContext\\x00set_CurrentDownloadContext\\x00downloadContext\\x00RetryMessageContext\\x00IEngineContext\\x00get_EngineContext\\x00set_EngineContext\\x00engineContext\\x00useMachineContext\\x00Stream"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x002\\x005\\x006\\x00\\x00\\x13S\\x00H\\x00A\\x002\\x005\\x006\\x00R\\x00S\\x00A\\x00\\x00\\x1bS\\x00H\\x00A\\x002\\x005\\x006\\x00R\\x00S\\x00A\\x00_\\x00C\\x00N\\x00G\\x00\\x00\ts\\x00h\\x00a\\x001\\x00\\x00\rs\\x00h\\x00a\\x002\\x005\\x006\\x00\\x00\\x0b\"\\x00 \\x00:\\x00 \\x00[\\x00\\x00\\x0f\"\\x00 \\x00:\\x00 \\x00{\\x00\r\\x00\n\\x00\\x00\\x05\r\\x00\n\\x00\\x00\\x0b\"\\x00 \\x00:\\x00 \\x00\"\\x00\\x007m\\x00a\\x00n\\x00i\\x00f\\x00e\\x00s\\x00t\\x00R\\x00o\\x00o\\x00t\\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00.\\x00c\\x00e\\x00r\\x00\\x00Mm\\x00a\\x00n\\x00i\\x00f\\x00e\\x00s\\x00t\\x00C\\x00o\\x00u\\x00n\\x00t\\x00e\\x00r\\x00S\\x00i\\x00g\\x00n\\x00R\\x00o\\x00o\\x00t\\x00C\\x00e\\x00r\\x00t\\x00i\\x00f\\x00i\\x00c\\x00a\\x00t\\x00e\\x00.\\x00c\\x00e"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00t\\x00d\\x00a\\x00t\\x00e\\x00d\\x00.\\x00\\x00\\x80\\xa1I\\x00n\\x00s\\x00t\\x00a\\x00l\\x00l\\x00 \\x00c\\x00h\\x00a\\x00n\\x00n\\x00e\\x00l\\x00 \\x00m\\x00a\\x00n\\x00i\\x00f\\x00e\\x00s\\x00t\\x00 \\x00c\\x00a\\x00n\\x00n\\x00o\\x00t\\x00 \\x00u\\x00p\\x00d\\x00a\\x00t\\x00e\\x00 \\x00a\\x00n\\x00d\\x00 \\x00C\\x00a\\x00n\\x00U\\x00p\\x00d\\x00a\\x00t\\x00e\\x00 \\x00f\\x00l\\x00a\\x00g\\x00 \\x00s\\x00h\\x00o\\x00u\\x00l\\x00d\\x00 \\x00b\\x00e\\x00 \\x00s\\x00e\\x00t\\x00 \\x00t\\x00o\\x00 \\x00f\\x00a\\x00l\\x00s\\x00e\\x00\\x00AC\\x00a\\x00n\\x00n\\x00o\\x00t\\x00 \\x00f\\x00i\\x00n\\x00d\\x00 \\x00c\\x00h\\x00a\\x00n\\x00n\\x00e\\x00l\\x00 \\x00m\\x00a\\x00n\\x00i\\x00f\\x00e\\x00s\\x00t\\x00 \\x00a\\x00t\\x00 \\x00\\x00GT\\x00r\\x00y\\x00i\\x00n\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x05\n\\x01\\x12\\x82\\xed\\x05\\x07\\x01\\x11\\x91\\x80\\x05\n\\x01\\x11\\x91\\x80\\x05\\x07\\x01\\x11\\x91|\\x08\\x15\\x11\\x81=\\x01\\x12\\x91`\\x05\n\\x01\\x11\\x91|\\x14 \\x05\\x01\\x12\\x81A\\x12\\x80\\x95\\x12\\x81\\xc9\\x15\\x12\\x87\\xd9\\x01\\x13\\x00\\x0e\\x06\\x15\\x12\\x82=\\x01\\x0e\\x160\\x01\\x04\\x01\\x1e\\x00\\x1e\\x00\\x15\\x12\\x85\\xe1\\x01\\x1e\\x00\\x15\\x12\\x83\\xe1\\x01\\x1e\\x00\\x18\\x10\\x01\\x02\\x15\\x12\\x82\\xd9\\x01\\x1e\\x00\\x15\\x12\\x81\\x81\\x01\\x1e\\x00\\x15\\x12\\x83\\xe1\\x01\\x1e\\x00\\x0f\\x07\\x05\\x12\\x83\\xb5\\x0e\\x12\\x83\\xb5\\x12\\x83\\xb5\\x12\\x819\\x05 \\x00\\x12\\x80\\x95\t\\x15\\x12\\x81\\xd5\\x02\\x0e\\x12\\x91\\x98\r\\x07\\x05\\x12\\x884\\x02\\x12\\x91\\x98\\x12\\x81\\x9d\\x08\t\\x15\\x12\\x81\\x99\\x02\\x0e\\x12\\x91\\x98\\x0b\\x07\\x04\\x12\\x884\\x02\\x1d\\x12\\x91\\x98\\x08\\x05\n\\x01\\x12\\x91\\x98\\x05\n\\x01\\x12\\x87L\\x1c\\x07\\x0b\\x11\\x88X\\x02\\x15\\x12\\x82\\x19\\x01\\x12\\x87L\\x12\\x80\\xb1\\x12\\x88\\x88\\x08\\x02\\x08\\x08\\x08\\x12\\x87L\\x08\\x15\\x12\\x82\\x19\\x01\\x12\\x87L\r\\x07\\x05\\x07\\x07\\x11\\x87\\x90\\x11\\x87\\x90\\x12\\x819\\x05\\x07\\x01\\x12\\x91\\xb4\\x08\\x15\\x12"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-06-28 21:56:16,043",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "out.Test, PublicKey=002400000480000094000000060200000024000052534131000400000100010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c834c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x83#\\x00\\x00\\x01\\x00\\x00\\x002#\\x00h\\x03\"\\x00\\x00\\x01\\x00\\x00\\x003#\\x00h\\x03\"\\x00\\x00\\x01\\x00\\x00\\x004#\\x00h\\x01\"\\x01\\x00\\x01\\x00\\x00\\x005#\\x00h\\x01\\x00\\x01\\x00\\x01\\x00\\x00\\x006#\\x00h\\x81\\x01\\x10\\x00\\x01\\x00\\x00\\x007#\\x00h\\x01\\x00\\x01\\x00\\x01\\x00\\x00\\x00\\x86\\x04\\x00\\x02\\x01\\x00\\x10 \\x01\\x00\\x00\\x00\\xe6\\x00\\x00\\x02\\x01\\x00\\x10 \\x01\\x00\\x00\\x00\\xdf\\x00\\x00\\x02\\x01\\x00\\x10 \\x01\\x00\\x00\\x00\\xef\\x01\\x00\\x02\\x00\\x00\\x00 \\x01\\x00\\x00\\x00\\x7f&\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00@'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00A'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00B'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00C'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00D'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00E'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00G'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00H'\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00R(\\x00h\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00](\\x00h\\x01\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "29854"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xd1\\x83\\xd9\\x8d\\x10\\xdc\\x01\\x00\\xd1\\x83\\xd9\\x8d\\x10\\xdc\\x01\\x00\\xd1\\x83\\xd9\\x8d\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-06-28 21:56:16,058",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-06-28 21:56:16,074",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-06-28 21:56:16,074",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-06-28 21:56:16,074",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-06-28 21:56:16,074",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xcf\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1374
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xcf\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xcf\\x04\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xaaFY\\xce\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\x9c\\x04\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\xba\\x04\\x00\\x00 \\x00\\x00\\x00\\xc0\\x04\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x02\\x00\\x00\\x8bt\\x05\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "35682"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x07\\x12\\x00\\xfe\\x167\\x00\\x00\\x02o^\\x00\\x00\no\\xad\\x00\\x00\\x06\\x02{\\xc6\\x0e\\x00\\x04\\x08oD\\x02\\x00\n\\x07\\x13\\x07\\xdd#\\x03\\x00\\x00\\x06\\x17X\n\\x06\\x1a3d\\x02{\\xc1\\x0e\\x00\\x04{\\x9c\\x00\\x00\\x04%-\\x03&+'r\\x7f\\x1b\\x00p\\x18\\x8d \\x00\\x00\\x01%\\x16\\x08or\\x00\\x00\n\\x8cO\\x00\\x00\\x01\\xa2%\\x17\\x02{\\xc2\\x0e\\x00\\x04\\xa2oB\\x00\\x00\n\\x02{\\xc1\\x0e\\x00\\x04{\\x9d\\x00\\x00\\x04\\x08or\\x00\\x00\nr\\xc7\\x1b\\x00p\\x07-\\x03\\x14+\\x06\\x07(\\xae\\x00\\x00\\x06oA\\x01\\x00\\x068\\xd9\\x00\\x00\\x00\\x02{\\xc1\\x0e\\x00\\x04{\\x9c\\x00\\x00\\x04%-\\x06&8\\xc5\\x00\\x00\\x00r\\xf5\\x1b\\x00p\\x19\\x8d \\x00\\x00\\x01%\\x16\\x08or\\x00\\x00\n\\x8cO\\x00\\x00\\x01\\xa2%\\x17\\x02{\\xc2\\x0e\\x00\\x04o\\x93\\x00\\x00\n\\xa2%\\x18\\x06\\x8c7\\x00\\x00\\x02\\xa2oB\\x00\\x00\n8\\x8b\\x00\\x00\\x00\\x07\\x08s=\\x00\\x00\\x06o\\xb7\\x00\\x00\\x06\\x07\\x08rM8\\x00poE\\x02\\x00\no\\xaf\\x00\\x00\\x06\\x07"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "Buffer",
                "value": "\t\\x00P\\x0fl(\t\\x00T\\x0fq(\t\\x00X\\x0fv(\t\\x00\\\\x0f{(\t\\x00`\\x0f\\x80(\t\\x00d\\x0f\\x85(\t\\x00h\\x0f\\x8a(\t\\x00l\\x0f\\x8f(\t\\x00p\\x0f\\x94(\t\\x00t\\x0f\\x99(\t\\x00x\\x0f\\x9e(\t\\x00|\\x0f\\xa3(\t\\x00\\x80\\x0f\\xa8(\t\\x00\\x84\\x0f\\xad(\t\\x00\\x88\\x0f\\xb2(\t\\x00\\x8c\\x0f\\xb7(\t\\x00\\x90\\x0f\\xbc(\t\\x00\\x94\\x0f\\xc1(\t\\x00\\x98\\x0f\\xc6(\t\\x00\\x9c\\x0f\\xcb(\t\\x00\\xa0\\x0f\\xd0(\t\\x00\\xa4\\x0f\\xd5(\t\\x00\\xa8\\x0f\\xda(\t\\x00\\xac\\x0f\\xdf(\t\\x00\\xb0\\x0f\\xe4(\t\\x00\\xb4\\x0f\\xe9(\t\\x00\\xb8\\x0f\\xee(\t\\x00\\xbc\\x0f\\xf3(\t\\x00\\xc0\\x0f\\xf8(\t\\x00\\xc4\\x0f\\xfd(\t\\x00\\xc8\\x0f\\x02)\t\\x00\\xcc\\x0f\\x07)\t\\x00\\xd0\\x0f\\x0c)\t\\x00\\xd4\\x0f\\x11)\t\\x00\\xd8\\x0f\\x16)\t\\x00\\xdc\\x0f\\x1b)\t\\x00\\xe0\\x0f )\t\\x00\\xe4\\x0f%)\t\\x00\\xe8\\x0f*)\t\\x00\\xec\\x0f/)\t\\x00\\xf0\\x0f4)\t\\x00\\xf4\\x0f9)\t\\x00\\xf8\\x0f"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "Buffer",
                "value": "_NOT_AVAILABLE\\x00ERROR_DS_LINK_ID_NOT_AVAILABLE\\x00ERROR_DEVICE_NOT_AVAILABLE\\x00ERROR_RESOURCE_NOT_AVAILABLE\\x00ERROR_NODE_NOT_AVAILABLE\\x00ERROR_HOST_NODE_NOT_AVAILABLE\\x00APPMODEL_ERROR_PACKAGE_NOT_AVAILABLE\\x00ERROR_CTX_LICENSE_NOT_AVAILABLE\\x00ERROR_NETWORK_NOT_AVAILABLE\\x00DN"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1385
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00FAULTLOCATIONPROPERTY\\x00FAULTDESCRIPTIONPROPERTY\\x00AUTHENTICATIONPROVIDERPROPERTY\\x00ISSERVERPROPERTY\\x00ANCESTORWORKLOADSPROPERTY\\x00PARENTSPROPERTY\\x00DNS_ERROR_INVALID_PROPERTY\\x00ERROR_UNKNOWN_PROPERTY\\x00ERROR_HV_UNKNOWN_PROPERTY\\x00ERROR_VOLUME_DIRTY\\x00INTERNET_OPEN_TYPE_PREC"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "Buffer",
                "value": "enCacheAsync>d__5\\x00\\x00\\\\x01\\x00WMicrosoft.VisualStudio.Setup.Download.TokenCacheRegistrant+<CreateCacheHelperAsync>d__6\\x00\\x00\\x05\\x01\\x00\\x01\\x00\\x00]\\x01\\x00XMicrosoft.VisualStudio.Setup.Download.DownloadManagerAuthenticationProxy+<Download>d__27\\x00\\x00b\\x01\\x00]Microsoft.VisualStudio.Setup.Download.Do"
              },
              {
                "name": "Length",
                "value": "17430"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xa1i\\xbb\\x8c\\x10\\xdc\\x01\\x00\\xa1i\\xbb\\x8c\\x10\\xdc\\x01\\x00\\xa1i\\xbb\\x8c\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-06-28 21:56:16,090",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "(\\xa8\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1398
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "(\\xa8\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "(\\xa8\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\x04\\x9f\\x0c\\xe5\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00x\\x0f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00V\\x96\\x0f\\x00\\x00 \\x00\\x00\\x00\\xa0\\x0f\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x0f\\x00\\x00\\x02\\x00\\x00Z&\\x10\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "48106"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-06-28 21:56:16,105",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "-\\xcf\\xde\\x0c\\x11\\x05,\\x07\\x11\\x05o#\\x00\\x00\n\\xdc\\x02\\x11\\x04\\x17\\x8d\\xc4\\x00\\x00\\x02%\\x16\\x03\\x06s\\x0c\\x17\\x00\\x06o[\\x00\\x00\ns\\x88\\x04\\x00\\x06\\xa2(\\xac\\x01\\x00\n(\\x91\\x04\\x00\\x06(\\xd1\\x04\\x00\\x06\\xde\n\t,\\x06\\x08(c\\x01\\x00\n\\xdc*\\x00\\x01\\x1c\\x00\\x00\\x02\\x00Y\\x005\\x8e\\x00\\x0c\\x00\\x00\\x00\\x00\\x02\\x00@\\x00\\x88\\xc8\\x00\n\\x00\\x00\\x00\\x00F\\x02{u\\x04\\x00\\x04o\\xde\\x02\\x00\no\\xa8\\x04\\x00\\x06*F\\x02{u\\x04\\x00\\x04o\\xde\\x02\\x00\no\\xaa\\x04\\x00\\x06*J\\x02{u\\x04\\x00\\x04o\\xde\\x02\\x00\n\\x03o\\xa9\\x04\\x00\\x06*>\\x1f\\xfes\\x12\\x17\\x00\\x06%\\x03}\\x16\r\\x00\\x04*2\\x02r\\x810\\x00p(\\xa3\\x04\\x00\\x06*\\x1e\\x02(&\\x03\\x00\n*f\\x02(T\\x00\\x00\n\\x03r\\xa90\\x00p(\\xa0\\x00\\x00+\\x02\\x03}\\x82\\x04\\x00\\x04*>\\x02{\\x82\\x04\\x00\\x04o\\xe3\\x05\\x00\\x06\\x16\\xfe\\x01*f\\x02(T\\x00\\x00\n\\x03r\\xcb0\\x00p(\\xa1\\x00\\x00+\\x02\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x06-\\x02\\x16*\\x02(\\x88\\x0b\\x00\\x06\\x03\\xfe\\x02\\x16\\xfe\\x01*\\x00\\x00\\x00\\x130\\x03\\x00\\x0f\\x00\\x00\\x00\\x7f\\x01\\x00\\x11\\x02\\x17\\x12\\x00(-\\x01\\x00+-\\x02\\x16*\\x06*2\\x02{\\x0b\\x07\\x00\\x04o\\xa9\\x00\\x00\n*\\x130\\x03\\x00G\\x00\\x00\\x00\\x8b\\x01\\x00\\x11s\\x13\\x18\\x00\\x06\n\\x06\\x03}D\\x0e\\x00\\x04\\x02(T\\x00\\x00\n\\x06{D\\x0e\\x00\\x04r\\xbc\\xa9\\x00p(\\x08\\x03\\x00\n\\x06r\\xde\\xa9\\x00p}E\\x0e\\x00\\x04\\x02\\x06\\xfe\\x06\\x14\\x18\\x00\\x06s\\x99\\x00\\x00\n\\x16s\\xd7\\x03\\x00\n}\\x0b\\x07\\x00\\x04*r\\x02rnI\\x00p\\x03o\\xa9\\x05\\x00\n(\\xfe\\x00\\x00\n(\\xd5\\x04\\x00\n(\\xec\\x0c\\x00\\x06*2\\x02{\\x0c\\x07\\x00\\x04o\\xa9\\x00\\x00\n*\\x00\\x00\\x00\\x130\\x03\\x00E\\x00\\x00\\x00\\x8c\\x01\\x00\\x11s\\x15\\x18\\x00\\x06\n\\x06\\x03}F\\x0e\\x00\\x04\\x02(T\\x00\\x00\n\\x06{F\\x0e\\x00\\x04(\\x95\\x0b\\x00\\x06-\\x0c\\x06{F\\x0e\\x00\\x04s \\x04\\x00\nz\\x02\\x06\\xfe\\x06\\x16\\x18\\x00\\x06s\\x99"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x130\\x02\\x00\\xf0\\x00\\x00\\x00f\\x02\\x00\\x11\\x02{\\x91\t\\x00\\x04\\x1f\"o?\\x08\\x00\n\\x03\n\\x16\\x0b8\\xc0\\x00\\x00\\x00\\x06\\x07o\\xd1\\x01\\x00\n\\x0c\\x08\\x1eYE\\x06\\x00\\x00\\x00@\\x00\\x00\\x00v\\x00\\x00\\x00.\\x00\\x00\\x00\\x88\\x00\\x00\\x00R\\x00\\x00\\x00d\\x00\\x00\\x00\\x08\\x1f\".\\x17\\x08\\x1f\\3~\\x02{\\x91\t\\x00\\x04r\\x9a-\\x01po\\xdf\\x05\\x00\n+x\\x02{\\x91\t\\x00\\x04r\\xe3\\x17\\x01po\\xdf\\x05\\x00\n+f\\x02{\\x91\t\\x00\\x04r\\xa0-\\x01po\\xdf\\x05\\x00\n+T\\x02{\\x91\t\\x00\\x04r\\xa6-\\x01po\\xdf\\x05\\x00\n+B\\x02{\\x91\t\\x00\\x04r\\xac-\\x01po\\xdf\\x05\\x00\n+0\\x02{\\x91\t\\x00\\x04r\\xb2-\\x01po\\xdf\\x05\\x00\n+\\x1e\\x02{\\x91\t\\x00\\x04r\\xb8-\\x01po\\xdf\\x05\\x00\n+\\x0c\\x02{\\x91\t\\x00\\x04\\x08o?\\x08\\x00\n\\x07\\x17X\\x0b\\x07\\x06o\\xd2\\x01\\x00\n?4\\xff\\xff\\xff\\x02{\\x91\t\\x00\\x04\\x1f\"o?\\x08\\x00\n*:\\x02"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\n&*\\x1e\\x02(T\\x00\\x00\n*>\\x02\\x03}\\x1b\r\\x00\\x04\\x02\\x04}\\x1c\r\\x00\\x04*.s!\\x17\\x00\\x06\\x80\\x1d\r\\x00\\x04*\\x1e\\x02(T\\x00\\x00\n*.s\\x1e\\x17\\x00\\x06s\\xfd\\x04\\x00\\x06*\\x1e\\x02(T\\x00\\x00\n*\\x00\\x00\\x00\\x1b0\\x03\\x008\\x00\\x00\\x00v\\x00\\x00\\x11\\x16\n\\x02{\\x1e\r\\x00\\x04\\x02{\\x1f\r\\x00\\x04\\x02{ \r\\x00\\x04o\\x10\\x05\\x00\\x06\n\\xde\\x1b\\x06-\\x17\\x02{!\r\\x00\\x04\\x02{\"\r\\x00\\x04\\x02{\\x1f\r\\x00\\x04(\\x02\\x05\\x00\\x06\\xdc*\\x01\\x10\\x00\\x00\\x02\\x00\\x02\\x00\\x1a\\x1c\\x00\\x1b\\x00\\x00\\x00\\x00\\x1e\\x02(T\\x00\\x00\n*N\\x03\\x02{#\r\\x00\\x04\\x02{$\r\\x00\\x04o\\x93\\x06\\x00\\x06*\\x1e\\x02(T\\x00\\x00\n*\\x130\\x04\\x000\\x00\\x00\\x00\\x10\\x03\\x00\\x11\\x02{%\r\\x00\\x04{\\xc0\\x04\\x00\\x04\\x02{(\r\\x00\\x04%-\\x16&\\x02\\x02\\xfe\\x06)\\x17\\x00\\x06s?\\x03\\x00\n%\n}(\r\\x00\\x04\\x06o@\\x03\\x00\n*N\\x03\\x02{&\r"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\xf2\\x00\\xd5\r\\xce\\x17\\x05\\x01\\x10\\x00R$\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\x00\\xd5\r\\xcf\\x17\\x05\\x01\\x10\\x005$\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x00\\xd5\r\\xd0\\x17\\x05\\x01\\x10\\x00J$\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\x00\\xd5\r\\xd1\\x17\\x05\\x01\\x00\\x00\\x9d\\x1e\\x02\\x00\\x00\\x00\\x00\\x00\\xbd\\x01\\xd5\r\\xd2\\x17\\x03\\x01\\x10\\x009=\\x00\\x00\\x00\\x00\\x00\\x00\\xa9\\x00\\xd5\r\\xd6\\x17\\x0b\\x01\\x10\\x00\\xe4}\\x01\\x00\\x00\\x00\\x00\\x00\\xa9\\x00\\xda\r\\xd8\\x17\\x03!\\x10\\x00\\xa2a\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xdc\r\\xd8\\x17\\x03\\x01\\x10\\x00\\xdf\\x05\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xe1\r\\xde\\x17\\x03\\x01\\x10\\x00\\xa0\\x03\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xe2\r\\xe0\\x17\\x03\\x01\\x10\\x00\\x08\\x04\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xe5\r\\xe2\\x17\\x03\\x01\\x10\\x00{\\x05\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xe6\r\\xe4\\x17\\x03\\x01\\x10\\x00\\xe7\\x0c\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xe9\r\\xe6\\x17\\x03\\x01\\x10\\x00\\x1c>\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00\\xea\r\\xe8\\x17\\x03\\x01\\x10\\x00\\xec<\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x8b\\xb6\\x00\\x00\\x00\\x00\\xc6\\x08\\x1ex\\x01\\x00\\x88\\x04\\x00\\x00\\xd8\\x03\\x93\\xb6\\x00\\x00\\x00\\x00\\xc6\\x08-x\\x01\\x00\\x10\\x00\\x00\\x00\\xd8\\x03\\x9c\\xb6\\x00\\x00\\x00\\x00\\x83\\x00\\x99\\xcc\\x00\\x00\\xf9\\x07\\x01\\x00\\xd9\\x03\\xf6\\xb6\\x00\\x00\\x00\\x00\\x86\\x180\\xbf\\x01\\x00\\x01\\x00\\x00\\x00\\xda\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x05\\x93\\xd0\\x01\\x00\\xee\\x07\\x01\\x00\\xda\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\r\\xfbQ\\x02\\x00\\x0e\\x05\\x00\\x00\\xda\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x05\\xb9f\\x00\\x00\\x00\\x08\\x01\\x00\\xda\\x03\\x00\\xb7\\x00\\x00\\x00\\x00\\xe6\\x01\\xb9f\\x00\\x00\\x00\\x08\\x01\\x00\\xdb\\x03C\\xb7\\x00\\x00\\x00\\x00\\x86\\x180\\xbf\\x01\\x00\\x01\\x00\\x00\\x00\\xdc\\x03L\\xb7\\x00\\x00\\x00\\x00\\x86\\x180\\xbf\\x01\\x00\\x98\\x02\\x01\\x00\\xdc\\x03\\xa2\\xb7\\x00\\x00\\x00\\x00\\xc6\\x08\\x96\\xe6\\x00\\x00\\x88\\x04\\x00\\x00\\xdd\\x03\\xac\\xb7\\x00\\x00\\x00\\x00\\xc4\\x00;h\\x00\\x003\\x07\\x01\\x00\\xdd\\x03\\xf0\\xb7\\x00\\x00\\x00\\x00\\x81\\x00\n\\x1b\\x00\\x00\\x00\\x08\\x01\\x00\\xdd\\x03;\\xb8\\x00\\x00\\x00\\x00\\xc6\\x00\\xd7&\\x02\\x00\\x99+\\x00\\x00\\xde\\x03G\\xb8\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xdd\\x0f1\\xf6\\x02\\x00\\x00\\x00\\x86\\x180\\xbf\\x01\\x00\\x01\\x00\\x00\\x00\\xde\\x0fC\\xf6\\x02\\x00\\x00\\x00\\x84\\x180\\xbf\\x01\\x00\\x1a\\x00\\x00\\x00\\xde\\x0f\\x82\\xf6\\x02\\x00\\x00\\x00\\x86\\x08V\\xfb\\x00\\x00\\x88\\x04\\x00\\x00\\xe0\\x0f\\x8a\\xf6\\x02\\x00\\x00\\x00\\x86\\x08_\\xfb\\x00\\x00\\x10\\x00\\x00\\x00\\xe0\\x0f\\x93\\xf6\\x02\\x00\\x00\\x00\\x86\\x08\\xda\\xcb\\x00\\x000)\\x01\\x00\\xe1\\x0f\\x9b\\xf6\\x02\\x00\\x00\\x00\\x86\\x08\\xe3\\xcb\\x00\\x006)\\x01\\x00\\xe1\\x0f\\xa4\\xf6\\x02\\x00\\x00\\x00\\x86\\x08[\\x1d\\x01\\x00i\\x0c\\x00\\x00\\xe2\\x0f\\xac\\xf6\\x02\\x00\\x00\\x00\\x86\\x08e\\x1d\\x01\\x00\\xdaO\\x00\\x00\\xe2\\x0f\\xb5\\xf6\\x02\\x00\\x00\\x00\\x86\\x08\\x0e\"\\x02\\x00\\xf4\r\\x01\\x00\\xe3\\x0f\\xbd\\xf6\\x02\\x00\\x00\\x00\\x86\\x08\\x18\"\\x02\\x00=)\\x01\\x00\\xe3\\x0f\\xc6\\xf6\\x02\\x00\\x00\\x00\\x86\\x08\\x0fW\\x01\\x00\\xe9L\\x00\\x00\\xe4\\x0f\\xce\\xf6\\x02\\x00\\x00\\x00\\x86\\x08\\x17W\\x01\\x00\\xa7\\x0b\\x01\\x00\\xe4\\x0f\\xd7\\xf6\\x02\\x00\\x00\\x00\\x86\\x08.2\\x02\\x00\\xe9L\\x00\\x00\\xe5\\x0f\\xdf\\xf6\\x02\\x00\\x00\\x00\\x86\\x0862\\x02\\x00\\xa7\\x0b\\x01\\x00\\xe5\\x0f\\xe8\\xf6"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00i\\x1d\\x01\\x00\\x00\\x00\\x01\\x00i\\x1d\\x01\\x00\\x00\\x00\\x01\\x00i\\x1d\\x01\\x00\\x00\\x00\\x01\\x00<\\xf3\\x00\\x00\\x10\\x10\\x02\\x00\\xa4\\xcf\\x01\\x00\\x10\\x10\\x03\\x00!\\xc2\\x01\\x00\\x00\\x00\\x01\\x00\\x85N\\x02\\x00\\x00\\x00\\x01\\x00\\x11\\xdb\\x00\\x00\\x00\\x00\\x01\\x00\\x11\\xdb\\x00\\x00\\x00\\x00\\x02\\x00\\xe5J\\x01\\x00\\x00\\x00\\x01\\x00\\x11\\xdb\\x00\\x00\\x00\\x00\\x02\\x00\\xa4\\xcf\\x01\\x00\\x00\\x00\\x01\\x00\\x11\\xdb\\x00\\x00\\x00\\x00\\x02\\x00\\xe5J\\x01\\x00\\x00\\x00\\x03\\x00\\xa4\\xcf\\x01\\x00\\x00\\x00\\x01\\x00\\x85N\\x02\\x00\\x00\\x00\\x01\\x00\\x84\\xfb\\x00\\x00\\x00\\x00\\x02\\x00i\\x1d\\x01\\x00\\x10\\x10\\x03\\x00\\xa4\\xcf\\x01\\x00\\x00\\x00\\x01\\x00\\x85N\\x02\\x00\\x00\\x00\\x01\\x00zv\\x01\\x00\\x10\\x10\\x02\\x00\\xa4\\xcf\\x01\\x00\\x10\\x10\\x03\\x00!\\xc2\\x01\\x00\\x00\\x00\\x01\\x00\\x85N\\x02\\x00\\x00\\x00\\x01\\x00\\x85N\\x02\\x00\\x00\\x00\\x01\\x00\\x84\\xfb\\x00\\x00\\x00\\x00\\x01\\x00\\x85N\\x02\\x00\\x00\\x00\\x01\\x00\\x84\\xfb\\x00\\x00\\x00\\x00\\x02\\x00\\xf9\\x80\\x01\\x00\\x00\\x00\\x03\\x00\\x80i\\x01\\x00\\x00\\x00\\x04\\x00\\xe9\\xd5\\x00\\x00\\x00\\x00\\x05\\x00\\xe2\\xf2"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00!z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00#z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00Az\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00Cz\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00`z\\x00\\x00\\xfb\\x00\\x01P\\x01\\x00az\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\x81z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\x83z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xa1z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xa3z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xc1z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xc3z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xe0z\\x00\\x00\\xfb\\x00_P\\x01\\x00\\xe1z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xe3z\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\x00{\\x00\\x00\\xfb\\x00\\xd2P\\x01\\x00\\x01{\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\x03{\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00 {\\x00\\x00\\xfb\\x00:Q\\x01\\x00!{\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00@{\\x00\\x00\\xfb\\x00\\xb0Q\\x01\\x00C{\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00c{\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\x83{\\x00\\x00\\x9b\\x003\\x8c\\x00\\x00\\xa3{\\x00\\x00\\x9b\\x003\\x8c"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "L\\x03s\\x00M\\x03t\\x00N\\x03t\\x00O\\x03u\\x00P\\x03z\\x00Q\\x03z\\x00R\\x03z\\x00S\\x03z\\x00T\\x03z\\x00U\\x03z\\x00V\\x03z\\x00W\\x03z\\x00X\\x03z\\x00Y\\x03z\\x00Z\\x03z\\x00[\\x03{\\x00\\\\x03|\\x00]\\x03|\\x00^\\x03~\\x00_\\x03~\\x00`\\x03~\\x00a\\x03\\x7f\\x00b\\x03\\x7f\\x00c\\x03\\x7f\\x00d\\x03\\x80\\x00e\\x03\\x80\\x00f\\x03\\x80\\x00g\\x03\\x82\\x00h\\x03\\x82\\x00i\\x03\\x82\\x00j\\x03\\x82\\x00k\\x03\\x82\\x00l\\x03\\x82\\x00m\\x03\\x83\\x00n\\x03\\x83\\x00o\\x03\\x87\\x00p\\x03\\x88\\x00q\\x03\\x8e\\x00r\\x03\\x8f\\x00s\\x03\\x91\\x00t\\x03\\x91\\x00u\\x03\\x91\\x00v\\x03\\x93\\x00w\\x03\\x93\\x00x\\x03\\x93\\x00y\\x03\\x93\\x00z\\x03\\x93\\x00{\\x03\\x93\\x00|\\x03\\x93\\x00}\\x03\\x93\\x00~\\x03\\x93\\x00\\x7f\\x03\\x93\\x00\\x80\\x03\\x93\\x00\\x81\\x03\\x93\\x00\\x82\\x03\\x93\\x00\\x83\\x03\\x93\\x00\\x84\\x03\\x93\\x00\\x85\\x03\\x95\\x00\\x86\\x03\\x95\\x00\\x87\\x03\\x95\\x00\\x88\\x03\\x95\\x00\\x89\\x03\\x95\\x00\\x8a\\x03\\x95\\x00\\x8b\\x03\\x95\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-06-28 21:56:16,121",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "ocessHandle\\x00processHandle\\x00DangerousGetHandle\\x00SetHandle\\x00flushWaitHandle\\x00EventWaitHandle\\x00bInheritHandle\\x00SnapshotHandle\\x00snapshotHandle\\x00phReportHandle\\x00reportHandle\\x00GetFinalPathNameByHandle\\x00GetFileInformationByHandle\\x00SetFileInformationByHandle\\x00selInfoDictionary"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "tionDetails\\x00parentExceptionDetails\\x00WithSubscriptionDetails\\x00ActionSubscriptionDetails\\x00errorDetails\\x00get_GatherEventDetails\\x00gatherEventDetails\\x00details\\x00Utils\\x00TypeTools\\x00ArchitectureTools\\x00ProductDetectionTools\\x00IProcessTools\\x00get_ProcessTools\\x00set_ProcessTools\\x00proc"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "a\\x00r\\x00a\\x00c\\x00t\\x00e\\x00r\\x00s\\x00 \\x00l\\x00e\\x00n\\x00g\\x00t\\x00h\\x00,\\x00 \\x00l\\x00e\\x00s\\x00s\\x00 \\x00t\\x00h\\x00a\\x00n\\x00 \\x006\\x005\\x00 \\x00c\\x00h\\x00a\\x00r\\x00a\\x00c\\x00t\\x00e\\x00r\\x00s\\x00 \\x00l\\x00e\\x00n\\x00g\\x00t\\x00h\\x00 \\x00a\\x00n\\x00d\\x00 \\x00c\\x00o\\x00n\\x00s\\x00i\\x00s\\x00t\\x00 \\x00o\\x00f\\x00 \\x00a\\x00l\\x00p\\x00h\\x00a\\x00n\\x00u\\x00m\\x00e\\x00r\\x00i\\x00c\\x00 \\x00a\\x00n\\x00d\\x00/\\x00o\\x00r\\x00 \\x00c\\x00h\\x00a\\x00r\\x00a\\x00c\\x00t\\x00e\\x00r\\x00s\\x00 \\x00'\\x00_\\x00'\\x00,\\x00 \\x00'\\x00-\\x00'\\x00,\\x00 \\x00'\\x00 \\x00'\\x00,\\x00 \\x00'\\x00+\\x00'\\x00\\x01UA\\x00p\\x00p\\x00I\\x00d\\x00 \\x00f\\x00o\\x00r\\x00 \\x00t\\x00h\\x00e\\x00 \\x00T\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x12\\x8b\\x04\\x07\\x15\\x12\\x82i\\x01\\x13\\x00\\x07\\x15\\x12\\x81\\x15\\x01\\x13\\x00\\x17\\x15\\x12\\x8b\\x98\\x02\\x15\\x11\\x80\\xf9\\x02\\x13\\x00\\x13\\x01\\x15\\x12\\x80\\xf1\\x02\\x13\\x00\\x13\\x01\t\\x15\\x12\\x80\\xf1\\x02\\x13\\x00\\x13\\x01\\x0e\\x15\\x12\\x82i\\x01\\x15\\x11\\x80\\xf9\\x02\\x13\\x00\\x13\\x01\\x0e\\x15\\x12\\x81\\x15\\x01\\x15\\x11\\x80\\xf9\\x02\\x13\\x00\\x13\\x01\\x0e\\x15\\x12\\x8b\\x98\\x02\\x13\\x00\\x15\\x12\\x81\\xd5\\x01\\x13\\x00\\x07\\x15\\x12\\x81\\xd5\\x01\\x13\\x00\\x08\\x15\\x12\\x80\\xf5\\x01\\x12\\x84Q\\x08\\x15\\x12\\x81\\x15\\x01\\x12\\x84Q\\x08\\x15\\x12\\x08\\x02\\x13\\x00\\x13\\x01\\x03\\x06\\x13\\x00\\x03\\x06\\x13\\x01\n\\x07\\x01\\x15\\x12\\x08\\x02\\x13\\x00\\x13\\x01\\x07\\x15\\x12\\x84a\\x01\\x13\\x00\t\\x00\\x00\\x15\\x12\\x84a\\x01\\x13\\x00\\x07 \\x02\\x02\\x13\\x00\\x13\\x00\\x07\\x15\\x12\\x84a\\x01\\x13\\x01\\x05 \\x01\\x08\\x13\\x00\\x06\\x07\\x02\\x13\\x00\\x13\\x01\\x02\\x13\\x00\\x03 \\x00\\x0e\\x02\\x13\\x01\t\\x00\\x03\\x0e\\x12\\x80\\xd1\\x0e\\x1d\\x1c\\x07 \\x02\\x01\n\\x11\\x84q\\x0b\\x07\\x02\\x0f\\x11\\x80\\xa0E\\x10\\x11\\x80\\xa0\\x0e\\x07\\x05\\x02\\x0f\tE\\x10\t\\x11\\x81@\\x11\\x814\\x05 "
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x12\\x89\\\\x06 \\x01\\x01\\x12\\x89\\\\x05 \\x00\\x12\\x81\\x94\\x06 \\x01\\x01\\x12\\x81\\x94\\x05 \\x00\\x12\\x82\\xac\\x06 \\x01\\x01\\x12\\x82\\xac\\x05 \\x00\\x12\\x81\\xac\\x06 \\x01\\x01\\x12\\x81\\xac\\x12 \\x00\\x15\\x12\\x81\\x15\\x01\\x15\\x12\\x80\\xe9\\x02\\x12\\x81\\xf0\\x12\\x81\\x98\\x13 \\x01\\x01\\x15\\x12\\x81\\x15\\x01\\x15\\x12\\x80\\xe9\\x02\\x12\\x81\\xf0\\x12\\x81\\x98\r \\x00\\x15\\x12\\x80\\xe9\\x02\\x12\\x81\\xf0\\x12\\x81\\xbc\\x0e \\x01\\x01\\x15\\x12\\x80\\xe9\\x02\\x12\\x81\\xf0\\x12\\x81\\xbc\\x05 \\x00\\x12\\x89\\x84\\x06 \\x01\\x01\\x12\\x89\\x84\\x08 \\x00\\x15\\x12\\x80\\xe5\\x01\\x02\t \\x01\\x01\\x15\\x12\\x80\\xe5\\x01\\x02\\x05 \\x00\\x12\\x82\\xd0\\x06 \\x01\\x01\\x12\\x82\\xd0\\x05 \\x00\\x12\\x81\\x90\\x06 \\x01\\x01\\x12\\x81\\x90\\x06 \\x01\\x0e\\x12\\x8d|\\x07 \\x02\\x01\\x12\\x81\\xec\\x02\\x12 \\x04\\x01\\x12\\x81\\xec\\x02\\x15\\x12\\x84\\xb4\\x01\\x12\\x8d|\\x12\\x84\\xb8\n \\x00\\x15\\x12\\x81\\x85\\x01\\x12\\x8d|\\x06 \\x01\\x01\\x12\\x8d|\\x0e \\x02\\x12\\x81t\\x15\\x12\\x81\\x99\\x01\\x11\\x8d\\x84\\x0e\t\\x00\\x04\\x12\\x81\\xdc\\x0e\\x0e\\x1c\\x0e\t \\x02\\x01"
              },
              {
                "name": "Length",
                "value": "60478"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x8f\\x7f]\\xb6\\x87\\xdb\\x01\\x00\\x8f\\x7f]\\xb6\\x87\\xdb\\x01\\x00\\x8f\\x7f]\\xb6\\x87\\xdb\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-06-28 21:56:16,136",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 1435
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\xf4\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1442
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\xf4\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\xf4\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xc2c\\xa6\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00J\\xe3\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00u\\xdf\\x01\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "5058"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x03\\x04\\x05(\\x92\\x00\\x00\\x06*\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1as\\x99\\x00\\x00\nz\\x1b0\\x02\\x00'\\x00\\x00\\x00!\\x00\\x00\\x11\\x03s~\\x00\\x00\\x06\n\\x06\\x03o\\x84\\x00\\x00\\x06\\x0b\\xde\\x14\\x06,\\x06\\x06o$\\x00\\x00\n\\xdc&\\xde\\x00\\x16\\x8df\\x00\\x00\\x01*\\x07*\\x00\\x01\\x1c\\x00\\x00\\x02\\x00\\x07\\x00\n\\x11\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1b\\x1b\\x00\\x03\\x1d\\x00\\x00\\x01\\x1as\\x99\\x00\\x00\nz\\x1e\\x02(E\\x00\\x00\n*\\x00\\x130\\x02\\x00a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02r\\x98\\x02\\x00p(\\xa9\\x00\\x00\\x06}\\xd7\\x00\\x00\\x04\\x02r\\xbc\\x02\\x00p(\\xab\\x00\\x00\\x06}\\xd3\\x00\\x00\\x04\\x02r\\xd2\\x02\\x00p(\\xaa\\x00\\x00\\x06}\\xd5\\x00\\x00\\x04\\x02r\\xe8\\x02\\x00p(\\xab\\x00\\x00\\x06}\\xd4\\x00"
              },
              {
                "name": "Length",
                "value": "57422"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00r\\xaa\\xf0(\\x10\\xdb\\x01\\x00r\\xaa\\xf0(\\x10\\xdb\\x01\\x00r\\xaa\\xf0(\\x10\\xdb\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-06-28 21:56:16,152",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-06-28 21:56:16,168",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb8\\x9f,\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1468
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb8\\x9f,\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb8\\x9f,\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x01\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd1c+}\\x95\\x02E.\\x95\\x02E.\\x95\\x02E.\\xdezF/\\x90\\x02E.\\xdez@/#\\x02E.\\x95\\x02E.\\x94\\x02E.W\\x83A/\\x85\\x02E.W\\x83F/\\x86\\x02E.\\xdezA/\\x8e\\x02E.\\xdezC/\\x94\\x02E.W\\x83@/\\xff\\x02E.\\xdezD/\\x88\\x02E.\\x95\\x02D.\\xc5\\x03E.f\\x80@/\\x94\\x02E.f\\x80L/v\\x02E.f\\x80E/\\x94\\x02E.f\\x80\\xba.\\x94\\x02E."
              },
              {
                "name": "Length",
                "value": "8114"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x10H\\x89C\\x10\\x88\\x03H\\x8b\\xc7H\\xc7C\\x18\\x0f\\x00\\x00\\x00H\\x8b\\$0H\\x83\\xc4 _\\xc3\\xcc@S\\xb8 \\x00\\x00\\x00\\xe8\\xe4\\xf6\\x16\\x00H+\\xe0H\\x8b\\xd9H\\x8d\r\n/,\\x00\\xe8\\x82\\xf5\\x16\\x003\\xc0\\x0fW\\xc0\\x0f\\x11\\x03H\\x89C\\x10H\\x89C\\x18H\\x8b\\xc3H\\x83\\xc4 [\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xb8(\\x00\\x00\\x00\\xe8\\xa6\\xf6\\x16\\x00H+\\xe0H\\x8d\r\\xd0.,\\x00\\xe8G\\xf5\\x16\\x00H\\x8d\r\\xc0; \\x00\\xe8c\\xb9\\x16\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89\\$\\x08H\\x89t$\\x10W\\xb8 \\x00\\x00\\x00\\xe8k\\xf6\\x16\\x00H+\\xe0H\\x8b\\xd9I\\x8b\\xf8H\\x8d\r\\x8f.,\\x00H\\x8b\\xf2\\xe8\\x03\\xf5\\x16\\x00H\\x83\\xcb\\x0fH;\\xdfw/H\\x8b\\xceH\\x8b\\xc7H\\xd1\\xe9H+\\xc1H;\\xf0w\\x1eH\\x8d\\x041H;\\xd8H\\x0fB\\xd8H\\x8b\\xc3H\\x8b\\$0H\\x8bt$8H\\x83\\xc4 _\\xc3\\x0f\\xae\\xe8H\\x8b\\$0H\\x8b\\xc7H\\x8b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-06-28 21:56:16,183",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "J\\x10\\x80y\\x18\\x00u!\\xc6@\\x18\\x01\\xc6A\\x18\\x01H\\x8bC\\x08H\\x8bH\\x08\\xc6A\\x18\\x00H\\x8bC\\x08H\\x8bX\\x08\\xe9\\x95\\x00\\x00\\x00H;X\\x10u\\x0eH\\x8b\\xd0H\\x8b\\xceH\\x8b\\xd8\\xe81\\x02\\x00\\x00H\\x8bC\\x08\\xc6@\\x18\\x01H\\x8bC\\x08H\\x8bH\\x08\\xc6A\\x18\\x00H\\x8b\\xceH\\x8bS\\x08H\\x8bR\\x08\\xe8m\\x01\\x00\\x00\\xeb[\\x80y\\x18\\x00u\\x1e\\xc6@\\x18\\x01\\xc6A\\x18\\x01H\\x8bC\\x08H\\x8bH\\x08\\xc6A\\x18\\x00H\\x8bC\\x08H\\x8bX\\x08\\xeb7H;\\x18u\\x0eH\\x8b\\xd0H\\x8b\\xceH\\x8b\\xd8\\xe84\\x01\\x00\\x00H\\x8bC\\x08\\xc6@\\x18\\x01H\\x8bC\\x08H\\x8bH\\x08\\xc6A\\x18\\x00H\\x8b\\xceH\\x8bS\\x08H\\x8bR\\x08\\xe8\\xb0\\x01\\x00\\x00H\\x8bC\\x08\\x80x\\x18\\x00\\x0f\\x84\"\\xff\\xff\\xffI\\x8bF\\x08\\xc6@\\x18\\x01H\\x8b\\$0H\\x8b\\xc7H\\x8b|$@H\\x8bt$8H\\x83\\xc4 A^\\xc3\\xccH\\x89|$\\x18AV\\xb8 \\x00\\x00\\x00\\xe8\\x0f\\xf6\\x15\\x00H"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xa9\\xff\\xffH\\x8dM\\xe0\\xe8R\\x05\\xfe\\xff\\x0fW\\xc0\\x0f\\x11E\\xe0\\x0fW\\xc9\\xf3\\x0f\\x7fM\\xf0A\\xb8\r\\x00\\x00\\x00H\\x8d\\x15\\x96j\\x1e\\x00H\\x8dM\\xe0\\xe8\\xed\\x02\\xfe\\xffH\\x8dU\\xe0H\\x8b\\xcf\\xe8!\\xa9\\xff\\xffH\\x8dM\\xe0\\xe8\\x18\\x05\\xfe\\xff\\x0fW\\xc0\\x0f\\x11E\\xe0\\x0fW\\xc9\\xf3\\x0f\\x7fM\\xf0A\\xb8\\x0f\\x00\\x00\\x00H\\x8d\\x15\\x94j\\x1e\\x00H\\x8dM\\xe0\\xe8\\xb3\\x02\\xfe\\xffH\\x8dU\\xe0H\\x8b\\xcf\\xe8\\xe7\\xa8\\xff\\xffH\\x8dM\\xe0\\xe8\\xde\\x04\\xfe\\xff\\x0fW\\xc0\\x0f\\x11E\\xe0\\x0fW\\xc9\\xf3\\x0f\\x7fM\\xf0A\\xb8\\x11\\x00\\x00\\x00H\\x8d\\x15Bj\\x1e\\x00H\\x8dM\\xe0\\xe8y\\x02\\xfe\\xffH\\x8dU\\xe0H\\x8b\\xcf\\xe8\\xad\\xa8\\xff\\xffH\\x8dM\\xe0\\xe8\\xa4\\x04\\xfe\\xffH\\x8b\\xcb\\xe8\\xb4\\xc5\\x14\\x00\\x90H\\x8b\\$pH\\x8bt$xH\\x8b\\xbc$\\x80\\x00\\x00\\x00H\\x83\\xc4`]\\xc3\\xff\\xc8\\x89CL\\xb9\\x06\\x00\\x00\\x00\\xe8\\x00\\xc8\\x14\\x00\\xcc\\xb9\\x05\\x00\\x00\\x00\\xe8\\xf5\\xc7\\x14\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "`\\xe8\\xb8\\xf5\\x13\\x00@8w`\\x0f\\x84\\x1b\\x01\\x00\\x00H9wP\\x0f\\x84\\x11\\x01\\x00\\x00H9wx\\x0f\\x84\\x07\\x01\\x00\\x00H\\x8dO H\\x8d\\x15/|\\x1d\\x00\\xe8z\\x05\\x00\\x00\\x84\\xc0\\x0f\\x85\\xef\\x00\\x00\\x00H9\\xb7\\x18\\x01\\x00\\x00\\x0f\\x85\\xe2\\x00\\x00\\x00H\\x8bGxH\\xff\\xc0H9\\x87\\x98\\x00\\x00\\x00\\x0f\\x85\\xce\\x00\\x00\\x00H\\x8b\\x87\\xf8\\x00\\x00\\x00H\\x85\\xc0u\rH9\\xb7\\xb8\\x00\\x00\\x00\\x0f\\x85\\xb5\\x00\\x00\\x00H9\\xb7\\xb8\\x00\\x00\\x00\\x0f\\x84\\x9b\\x00\\x00\\x00H\\x89\\$hH\\x85\\xc0tv\\x0fW\\xc0H\\x89t$@A\\xb8\\x02\\x00\\x00\\x00H\\x89t$HH\\x8d\\x15S{\\x1d\\x00H\\x8dL$0\\x0f\\x11D$0\\xe8h\\x02\\xfd\\xffH\\x83|$H\\x0fH\\x8dL$0H\\x8bT$@\\xbe\\x01\\x00\\x00\\x00H\\x0fGL$0\\xe8\\xa8<\\xfd\\xffL\\x8b\\xc8L\\x8dD$0H\\x8dT$ H\\x8d\\x8f\\xa8\\x00\\x00\\x00\\xe8_;\\xfd\\xffH\\x83x\\x08\\x00t\rH9\\xb7\\xb8\\x00\\x00\\x00w\\x042"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "H\\x0fD\\xd8\\xba\\x01\\x00\\x00\\x00H\\x8dM\\x8f\\xe8\\xcc\\xf1\\xfd\\xffL\\x8b\\xc0H\\x8b\\xd3H\\x8dM\\x9f\\xe8\\x9d\\xee\\xfd\\xffH\\x8d\\x15\\x9e\\xd3\"\\x00H\\x8dM\\x9f\\xe8I\\x15\\x13\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89\\$\\x10L\\x89L$ H\\x89L$\\x08UVWATAUAVAW\\xb8p\\x00\\x00\\x00\\xe8\\xac\\xf6\\x12\\x00H+\\xe0I\\x8b\\xd9I\\x8b\\xf8L\\x8b\\xeaH\\x8d\rD4(\\x00\\xe8D\\xf5\\x12\\x00H\\x8bC@H\\x8bH\\x08H\\x89L$XH\\x8b\\x01H\\x8b@\\x08\\xff\\x15zM\\x1b\\x00\\x90H\\x8dL$P\\xe8\\xefx\\xfe\\xffL\\x8b\\xf0H\\x8bL$XH\\x85\\xc9t)H\\x8b\\x11H\\x8bB\\x10\\xff\\x15UM\\x1b\\x00L\\x8b\\xc0H\\x85\\xc0t\\x14H\\x8b\\x08H\\x8b\\x01\\xba\\x01\\x00\\x00\\x00I\\x8b\\xc8\\xff\\x159M\\x1b\\x00H\\x8b\\x9c$\\xe0\\x00\\x00\\x00H\\x8b\\xb4$\\xe8\\x00\\x00\\x00H;\\xde\\x0f\\x84S\\x01\\x00\\x00L\\x8b\\xfbI\\x8b\\x06E3\\xc0\\x0f\\xb6\\x13I\\x8b\\xceH\\x8b@"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x0fH\\x8b\\x01H\\x8d\\x95\\xe0\\x00\\x00\\x00H\\x8b@x\\xff\\x15\\xf9M\\x1a\\x00\\x90\\xbb\\x01\\x00\\x00\\x00\\x89\\$0D\\x8b\\xf3\\x8b\\xfb\\x8b\\xf3H\\x838\\x00\\x0f\\x84\\xf8\\x00\\x00\\x00I\\x8b\\x0fH\\x8b\\x01H\\x8b@P\\xff\\x15\\xceM\\x1a\\x00<\\x02\\x0f\\x85\\xe0\\x00\\x00\\x00H\\x83\\xbd\\x00\\x01\\x00\\x00\\x00\\x0f\\x84\\xd2\\x00\\x00\\x00H\\x8dT$PI\\x8b\\xcc\\xe8\\xfb\\xed\\xfd\\xff\\x90\\xbb\\x03\\x00\\x00\\x00\\x89\\$0\\x8b\\xfb\\x8b\\xf3D\\x8b\\xf3H\\x83x\\x10\\x00\\x0f\\x84\\xa9\\x00\\x00\\x00H\\x8d\\x95@\\x01\\x00\\x00I\\x8b\\xcc\\xe8\\xd0\\xed\\xfd\\xff\\x90\\xc7D$0\\x07\\x00\\x00\\x00H\\x8b\\xc8H\\x83x\\x18\\x0fv\\x03H\\x8b\\x08H\\x8b@\\x10H\\x89\\x8d0\\x01\\x00\\x00H\\x89\\x858\\x01\\x00\\x00I\\x8b\\x0fH\\x8b\\x01H\\x8d\\x95`\\x01\\x00\\x00H\\x8b\\x80\\x80\\x00\\x00\\x00\\xff\\x15>M\\x1a\\x00\\xbb\\x0f\\x00\\x00\\x00H\\x8b\\xc8H9X\\x18v\\x03H\\x8b\\x08H\\x8b@\\x10H\\x89\\x8d\\x10\\x01\\x00\\x00H\\x89\\x85\\x18\\x01\\x00\\x00\\x0f(\\x850\\x01\\x00\\x00f\\x0f\\x7fE\\xd0\\x0f"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\$\\x08W\\xb8 \\x00\\x00\\x00\\xe8\\x00\\xf7\\x10\\x00H+\\xe0H\\x8b\\xdaH\\x8b\\xf9\\xe8\"\\xc1\\xfa\\xffH\\x8d\\x05\\xb3\\xcc\\x1a\\x00H\\x89\\x07H\\x8bC8H\\x8b\\$0H\\x89G8H\\x8b\\xc7H\\x83\\xc4 _\\xc3\\xcc\\xccH\\x89\\$\\x08H\\x89t$\\x10W\\xb8 \\x00\\x00\\x00\\xe8\\xbb\\xf6\\x10\\x00H+\\xe0H\\x8b\\xd9H\\x8d\r3X&\\x00\\xe8Y\\xf5\\x10\\x00\\x90H\\x8d\\x8b\\xc0\\x00\\x00\\x00\\x0f\\xb6\\x93\\xb8\\x00\\x00\\x00\\xe8\\xf5\\xd7\\xfa\\xff\\x90H\\x8d{pH\\x8bO83\\xf6H\\x85\\xc9t\\x17H\\x8b\\x01H;\\xcf\\x0f\\x95\\xc2H\\x8b@ \\xff\\x15rM\\x19\\x00H\\x89w8H\\x8bS@H\\x85\\xd2t L\\x8bCPL+\\xc2I\\xc1\\xf8\\x02H\\x8dK@\\xe8A\\x01\\x00\\x00H\\x89s@H\\x89sHH\\x89sPH\\x8bS H\\x85\\xd2t L\\x8bC0L+\\xc2I\\xc1\\xf8\\x02H\\x8dK \\xe8\\x18\\x01\\x00\\x00H\\x89s H\\x89s(H\\x89s0H\\x8bS\\x08H\\x85\\xd2t\\x1cL\\x8bC\\x18L"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x08H\\x8bC\\x08H\\x85\\xc0t\t\\xf0\\xff@\\x08H\\x8b|$HH\\x8b\\x03H\\x89\\x02H\\x8bC\\x08H\\x89B\\x08H\\x83\\x84$\\x10\\x01\\x00\\x00\\x10\\xeb\\x12L\\x8b\\xc3H\\x8d\\x8c$\\x08\\x01\\x00\\x00\\xe8\\x82B\\x00\\x003\\xf6H\\x8b\\x94$X\\x01\\x00\\x00H\\x85\\xd2t(L\\x8b\\x84$h\\x01\\x00\\x00L+\\xc2I\\xc1\\xf8\\x03\\xe8O\\xf7\\xf8\\xffH\\x89\\xb4$X\\x01\\x00\\x00\\x0fW\\xc0f\\x0f\\x7f\\x84$`\\x01\\x00\\x00H\\x8b\\x94$H\\x01\\x00\\x00\\xe8\\x9e\\xfc\\xf8\\xff\\xba0\\x00\\x00\\x00H\\x8b\\x8c$H\\x01\\x00\\x00\\xe8\\xb8\\xe9\\x0f\\x00\\x90H\\x8d\\x8c$`\\x02\\x00\\x00\\xe8\\xbe\\x04\\xf9\\xff\\x90H\\x8b\\x94$\\x98\\x01\\x00\\x00H\\x85\\xd2t(L\\x8b\\x84$\\xa8\\x01\\x00\\x00L+\\xc2I\\xc1\\xf8\\x03\\xe8\\xec\\xf6\\xf8\\xffH\\x89\\xb4$\\x98\\x01\\x00\\x00\\x0fW\\xc0f\\x0f\\x7f\\x84$\\xa0\\x01\\x00\\x00H\\x8b\\x94$\\x88\\x01\\x00\\x00\\xe8;\\xfc\\xf8\\xff\\xba0\\x00\\x00\\x00H\\x8b\\x8c$\\x88\\x01\\x00\\x00\\xe8U\\xe9\\x0f\\x00H\\x83\\xc3\\x10\\xe9\\xd1\\xfd\\xff\\xffH\\x8d"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xf5\\x0e\\x00\\x80\\xbb\\x98\\x00\\x00\\x00\\x02L\\x8dO8H\\x8bW\\x18L\\x8dG H\\x8bO\\x08\\x0f\\x94\\xc0L\\x89L$(D\\x0f\\xb6O0\\x88D$ \\xe8\\xee\\xdb\\xff\\xffH\\x8b\\$@H\\x83\\xc40_\\xc3\\xcc\\xcc\\xcc\\xb8(\\x00\\x00\\x00\\xe8\\xc6\\xf6\\x0e\\x00H+\\xe0H\\x8d\rx[$\\x00\\xe8g\\xf5\\x0e\\x003\\xc0H\\x83\\xc4(\\xc3@S\\xb8 \\x00\\x00\\x00\\xe8\\xa4\\xf6\\x0e\\x00H+\\xe0H\\x8b\\xd9H\\x8d\rS[$\\x00\\xe8B\\xf5\\x0e\\x00H\\x8dK\\x08H\\x83\\xc4 [\\xe9$\n\\x00\\x00\\xcc\\xcc\\xcc\\xccH\\x89\\$\\x10W\\xb8 \\x00\\x00\\x00\\xe8p\\xf6\\x0e\\x00H+\\xe0H\\x8b\\xd9\\x0f\\xb6\\xfaH\\x8d\r\\x1c[$\\x00\\xe8\\x0b\\xf5\\x0e\\x00H\\x8bK H\\x85\\xc9t\\x05\\xe8=\\xfd\\xf7\\xffH\\x8bK\\x10H\\x85\\xc9t\\x05\\xe8/\\xfd\\xf7\\xff@\\x84\\xfft\r\\xba(\\x00\\x00\\x00H\\x8b\\xcb\\xe8i\\xe9\\x0e\\x00H\\x8b\\$8H\\x83\\xc4 _\\xc3\\xcc\\xcc\\xb8(\\x00\\x00\\x00\\xe8\\x16\\xf6\\x0e\\x00H+\\xe0H\\x8d\r\\xc8Z"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xfa\\xe9\r\\x00H\\x8b\\$pH\\x83\\xc4`_\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89T$\\x10S\\xb80\\x00\\x00\\x00\\xe8\\xe0\\xf6\r\\x00H+\\xe0H\\x8d\r\\x1e\\#\\x00H\\x8b\\xda\\xe8~\\xf5\r\\x00H\\x8dT$H\\xc7D$H\\x00\\x00\\x00\\x00H\\x8b\\xcb\\xe8\\x99+\\xf7\\xffH\\x8b\\xc3H\\x83\\xc40[\\xc3@S\\xb8 \\x00\\x00\\x00\\xe8\\xa4\\xf6\r\\x00H+\\xe0H\\x8b\\xd9H\\x8d\r\\x9bQ#\\x00\\xe8B\\xf5\r\\x00\\x90H\\x8b\\x0bH\\x85\\xc9t\\x0c\\xe8\\xf4\\x19\\x08\\x00H\\xc7\\x03\\x00\\x00\\x00\\x00H\\x83\\xc4 [\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@S\\xb8 \\x00\\x00\\x00\\xe8d\\xf6\r\\x00H+\\xe0H\\x8b\\xd9H\\x8d\rB[#\\x00\\xe8\\x02\\xf5\r\\x00H\\x8b\\x0bH\\x85\\xc9t)H\\x8bS\\x08\\xe8\\xb1\\x00\\x00\\x00H\\x8b\\x13L\\x8bC\\x10L+\\xc2I\\xc1\\xf8\\x06\\xe8\\x9eg\\xff\\xff3\\xc0H\\x89\\x03H\\x89C\\x08H\\x89C\\x10H\\x83\\xc4 [\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@S"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xe8y\\x00\\x00\\x00H\\xc7C\\x08\\x00\\x00\\x00\\x00H\\x89+H\\x89{\\x08H\\x8b\\xc3H\\x8b\\x8c$\\x90\\x00\\x00\\x00H3\\xcc\\xe8\\xd7\\xe9\\x0c\\x00H\\x8b\\x9c$\\xc8\\x00\\x00\\x00H\\x81\\xc4\\xa0\\x00\\x00\\x00_^]\\xc3\\xcc\\xcc\\xcc\\xcc@S\\xb8 \\x00\\x00\\x00\\xe8\\xc4\\xf6\\x0c\\x00H+\\xe0H\\x8d\\x05z-\\x17\\x00H\\x8b\\xd9H\\x89\\x01\\xf6\\xc2\\x01t\n\\xba8\\x00\\x00\\x00\\xe8\\xe1\\xe9\\x0c\\x00H\\x8b\\xc3H\\x83\\xc4 [\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89\\$\\x08H\\x89t$\\x10W\\xb8 \\x00\\x00\\x00\\xe8{\\xf6\\x0c\\x00H+\\xe0H\\x8b\\xf9I\\x8b\\xf1H\\x8d\rL[\"\\x00I\\x8b\\xd8\\xe8\\x13\\xf5\\x0c\\x003\\xc9H\\x8d\\x05\\xfa,\\x17\\x00H\\x89O\\x08H\\x89O\\x10H\\x89\\x07H\\x8b\\x03H\\x89G\\x08H\\x8bC\\x08H\\x89G\\x10H\\x89\\x0bH\\x89K\\x08H\\x89O\\x18H\\x89O H\\x8b\\x06H\\x89G\\x18H\\x8bF\\x08H\\x89G H\\x89\\x0eH\\x89N\\x08H\\x8bK\\x08H\\x85\\xc9t\\x05\\xe8\\xfd\\xfc\\xf5"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-06-28 21:56:16,199",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00I\\x8b\\xce\\xe8\\x94\\x03\\x00\\x00L\\x8bD$0I\\x8b\\xd0I#V0H\\x03\\xd2I\\x8bN\\x18H\\x8bD\\xd1\\x08I\\x8b]\\x00H;\\xc3u\\x16H\\xc7D$8\\x00\\x00\\x00\\x00H\\x89\\$0H\\x8b\\xebL\\x8b\\xfb\\xebIH\\x8b\\x14\\xd1\\x0f\\xb6O\\x10:H\\x10t\\x11H\\x8b\\xd8H;\\xc2t\\x19H\\x8b@\\x08:H\\x10u\\xefH\\x8b\\x18H\\x89\\$0H\\x8b\\xebL\\x8b\\xfb\\xeb\\x1bH\\x89D$0H\\xc7D$8\\x00\\x00\\x00\\x00H\\x8b\\xebL\\x8b\\xf8\\xeb\\x05L\\x8bD$0H\\x8bS\\x08I\\xffF\\x10L\\x89?H\\x89W\\x08H\\x89:H\\x89{\\x08I\\x8bN\\x18I\\x8bF0I#\\xc0H\\x03\\xc0L\\x8b\\x04\\xc1M;E\\x00u\\x06H\\x89<\\xc1\\xeb\\x12L;\\xc5u\\x06H\\x89<\\xc1\\xeb\\x0cH9T\\xc1\\x08u\\x05H\\x89|\\xc1\\x08H\\x89>\\xc6F\\x08\\x01\\xe9b\\xfe\\xff\\xffH\\x8d\r&<\\x15\\x00\\xe8\\xf9\\xb8\\x0b\\x00\\xccH\\x89\\$ UVWATAUAVAW\\xb8`"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "L$0\\xe8V\\x05\\xf4\\xff\\x90H\\x8dL$P\\xe8K\\x05\\xf4\\xff\\xc6CP\\x00H\\x8dM\\x90\\xe8\\x8e\\xfa\\xf4\\xff\\xe9\\xf5\\x00\\x00\\x00H\\x8dM\\x90\\xe8\\x80\\xfa\\xf4\\xff\\x0fW\\xc0\\x0f\\x11D$0\\x0fW\\xc9\\xf3\\x0f\\x7fL$@A\\xb8\\x16\\x00\\x00\\x00H\\x8d\\x15\\xb2d\\x15\\x00H\\x8dL$0\\xe8\\xc8\\x02\\xf4\\xff\\x90\\x0fW\\xc0\\x0f\\x11D$P\\x0fW\\xc9\\xf3\\x0f\\x7fL$`A\\xb8\\x12\\x00\\x00\\x00H\\x8d\\x15\\xa1c\\x15\\x00H\\x8dL$P\\xe8\\x9f\\x02\\xf4\\xff\\x90H\\x8dD$0H\\x89D$ L\\x8dL$PA\\xb8D\\x02\\x00\\x00\\xb2\\x01\\xb9\\x92$<\\x1e\\xe8\\x1dM\\x06\\x00\\x90H\\x8dL$P\\xe8\\xb2\\x04\\xf4\\xff\\x90H\\x8dL$0\\xe8\\xa7\\x04\\xf4\\xffH\\x83\\xc7X\\x0f\\xb6\\x87\\x88\\x00\\x00\\x00\\x80}8\\x00t H\\x8dU\\xb0H\\x8b\\xcf\\x84\\xc0t\\x07\\xe86&\\x00\\x00\\xeb<\\xe8\\x7f'\\x00\\x00\\xc6\\x87\\x88\\x00\\x00\\x00\\x01\\xeb.\\x84\\xc0t*H\\x8dO`\\xe8i\\x04\\xf4\\xffH\\x8dO@\\xe8`\\x04\\xf4\\xffH\\x8d"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00H\\x8d\\x85\\xd0\\x02\\x00\\x00H\\x89D$(H\\x89L$ H\\x8d\\x8d(\\x01\\x00\\x00\\xe8\\xbd\\x1f\\xf3\\xff\\x90L\\x8b\\xcbL\\x8d\\x85(\\x01\\x00\\x00I\\x8b\\xce\\xe8\\xba\\x8d\\xf4\\xff\\x90H\\x8d\\x8d(\\x01\\x00\\x00\\xe8\\x1d\\x05\\xf3\\xff\\x90H\\x8dM\\x88\\xe8\\x13\\x05\\xf3\\xff\\x90H\\x8d\\x8d\\x08\\x01\\x00\\x00\\xe8V\\xfa\\xf3\\xff\\x90H\\x8b\\x8d\\xf0\\x02\\x00\\x00H\\x85\\xc9t\\x06\\xe8\\x94\\xfd\\xf2\\xff\\x90H\\x8d\\x8d\\x18\\x03\\x00\\x00\\xe8\\xe7\\x04\\xf3\\xff\\x90\\x0f\\xb6\\x95\\x08\\x03\\x00\\x00H\\x8d\\x8d\\x10\\x03\\x00\\x00\\xe8\\xe3\\xd7\\xf3\\xff\\x90\\x0f\\xb6\\x95\\xf8\\x02\\x00\\x00H\\x8d\\x8d\\x00\\x03\\x00\\x00\\xe8\\xcf\\xd7\\xf3\\xff\\x90H\\x8d\\x8d8\\x03\\x00\\x00\\xe8\\xb2\\x04\\xf3\\xffI\\x8b\\xc6H\\x8b\\x8dX\\x03\\x00\\x00H3\\xcc\\xe8@\\xe9\t\\x00H\\x8b\\x9c$\\xb8\\x04\\x00\\x00H\\x81\\xc4`\\x04\\x00\\x00A_A^A]A\\_^]\\xc3\\xe8\\x80\\xff\\xf2\\xff\\x90\\xb9\\xb0\\x00\\x00\\x00\\xe8i\\xe9\t\\x00H\\x8b\\xd8H\\x89E\\x80H\\x8b\\xc8\\xe8Ft\\xf6\\xffH\\x8d\\x05\\x0f\\xa7\\x13\\x00H"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "H\\x8dT$PH\\x8b@(\\xff\\x15\\xffM\\x11\\x00\\x90H\\x8b\\xd0H\\x8dM`\\xe8\\x92\\xb4\\xfb\\xff\\x90H\\x8dL$P\\xe87\\x05\\xf2\\xffI\\x8b\\x0c$H\\x8b\\x01H\\x8dU\\x00H\\x8b\\x80\\x80\\x00\\x00\\x00\\xff\\x15\\xcfM\\x11\\x00\\x90H\\x8dT$PH\\x8dM`\\xe8\\x10\\xee\\xf4\\xffH\\x8b\\xc8H\\x83x\\x18\\x0fv\\x03H\\x8b\\x08H\\x8b@\\x10H\\x89M\\xe0H\\x89E\\xe8H\\x8dE\\x00H\\x83}\\x18\\x0fH\\x0fGE\\x00H\\x89E\\xc0H\\x8bE\\x10H\\x89E\\xc8\\x0f(E\\xe0f\\x0f\\x7fE \\x0f(M\\xc0f\\x0f\\x7fM\\xe0H\\x8dU H\\x8dM\\xe0\\xe8\\xfey\\xf5\\xff\\x0f\\xb6\\xd8H\\x8dL$P\\xe8\\xb1\\x04\\xf2\\xff\\x84\\xdb\\x0f\\x85\\x19\\x05\\x00\\x00I\\x8b\\x0fH\\x8b\\x01\\xba\\xcdwH\\x1eH\\x8b\\x80\\x88\\x00\\x00\\x00\\xff\\x15AM\\x11\\x00H\\x8bM\\xf0H\\x8b\\x01H\\x8dU\\xa0H\\x8b@ \\xff\\x15,M\\x11\\x00H\\x8b\\xd8\\xb9p\\x00\\x00\\x00\\xe8c\\xe9\\x08\\x00L\\x8b\\xe8H\\x89D$H\\x0fW\\xc0\\x0f\\x11\\x00\\xc7@\\x08"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "H\\x8bT$XH\\x8dL$ \\xe8\\xdf[\\xf2\\xffH\\x8bD$ H\\x85\\xc0@\\x0f\\x94\\xc6H\\x85\\xc0t\nH\\x8dL$ \\xe8\\xe4T\\xf2\\xff@\\x84\\xf6t\\x13H\\x8dT$XH\\x8b\\xcbH\\x8b\\x07\\xff\\x15\\xceM\\x10\\x00\\xeb^H\\x8d\\x05\\xad]\\x1a\\x00H\\x89D$P\\xf0H\\xff\\x05\\xa0]\\x1a\\x00H\\x8bL$X3\\xc0\\xf0H\\x0f\\xb1\r\\x88]\\x1a\\x00u\\x1cH\\xc7D$X\\x00\\x00\\x00\\x00H\\x8d\\x15\\x86]\\x1a\\x00H\\x8d\rOW\\x1a\\x00\\xe8\\xf3\\xb4\n\\x00H\\x8d\\x15c]\\x1a\\x00H\\x8b\\xcbH\\x8b\\x07\\xff\\x15wM\\x10\\x00\\x90\\xf0H\\xff\rV]\\x1a\\x00H\\x83|$X\\x00t\nH\\x8dL$X\\xe8\\T\\xf2\\xffH\\x8b\\xc3H\\x8bL$`H3\\xcc\\xe8<\\xe9\\x07\\x00L\\x8d\\$pI\\x8b[\\x10I\\x8bs(I\\x8b\\xe3_\\xc3\\xe8m\\xb0\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\xcc@SVWAVAW\\xb8P\\x00\\x00\\x00\\xe8\\x1e\\xf6\\x07\\x00H+\\xe0H\\x8b\\x05\\x94\\x15\\x18\\x00H3\\xc4H\\x89D"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xcf\\xe8\\xe8\\xfc\\xff\\xff\\x90H\\x8bL$XH\\x85\\xc9t\\x19H\\x8b\\x01H\\x8dT$ H;\\xca\\x0f\\x95\\xc2H\\x8b@ \\xff\\x15\\xe5M\\x0f\\x00\\x90L\\x8b\\x84$\\x88\\x00\\x00\\x00I\\x83\\xf8\\x07v\\x0fH\\x8bT$pH\\x8dL$p\\xe8\\xb7u\\xf1\\xfff\\x0fo\\x05oX\\x12\\x00\\xf3\\x0f\\x7f\\x84$\\x80\\x00\\x00\\x00f\\x89\\$p\\x0f\\xb6T$`H\\x8dL$h\\xe8\\x02\\xd8\\xf0\\xff\\x90H\\x8b\\x8c$\\x90\\x00\\x00\\x00H3\\xcc\\xe8\\x81\\xe9\\x06\\x00H\\x8b\\x9c$\\xc0\\x00\\x00\\x00H\\x81\\xc4\\xa0\\x00\\x00\\x00_\\xc3@S\\xb8 \\x00\\x00\\x00\\xe8t\\xf6\\x06\\x00H+\\xe0H\\x8b\\xd9H\\x8d\rR[\\x1c\\x00\\xe8\\x12\\xf5\\x06\\x00H\\x8b\\x0bH\\x85\\xc9t)H\\x8bS\\x08\\xe8Q\\x01\\x00\\x00H\\x8b\\x13L\\x8bC\\x10L+\\xc2I\\xc1\\xf8\\x05\\xe8\\xae\\xc5\\xf3\\xff3\\xc0H\\x89\\x03H\\x89C\\x08H\\x89C\\x10H\\x83\\xc4 [\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89\\$\\x08H\\x89t$\\x10W\\xb8 \\x00\\x00\\x00\\xe8\\x0b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-06-28 21:56:16,215",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x9fH\\x89D$ E3\\xc0\\xba\\xd0uY\"H\\x8b\\xcf\\xe8x\\x98\\xf0\\xff\\x90H\\x8dM\\x9f\\xe8>\\x05\\xef\\xff\\x90L\\x8bE\\x07I\\x83\\xf8\\x07v\rH\\x8bU\\xefH\\x8dM\\xef\\xe8\\xc6u\\xf0\\xfff\\x0fo\\x05~X\\x11\\x00\\xf3\\x0f\\x7fE\\xfffD\\x89m\\xef\\xe9\\xba\\x00\\x00\\x003\\xd2I\\x8b\\x0e\\xff\\x15\\xf4L\\x0e\\x00Hc\\xd8\\x85\\xc0tx\\x0fW\\xc0\\x0f\\x11E\\x9f\\x0fW\\xc9\\xf3\\x0f\\x7fM\\xafA\\xb8\\x1e\\x00\\x00\\x00H\\x8d\\x15I\\xcc\\x10\\x00H\\x8dM\\x9f\\xe8\\x98\\x02\\xef\\xff\\x90L\\x8b\\xcbH\\x8dE\\x9fH\\x89D$ E3\\xc0\\xba\\x9f\\x08\\x81\"H\\x8b\\xcf\\xe8\\xeb\\x97\\xf0\\xff\\x90H\\x8dM\\x9f\\xe8\\xb1\\x04\\xef\\xff\\x90L\\x8bE\\x07I\\x83\\xf8\\x07v\rH\\x8bU\\xefH\\x8dM\\xef\\xe89u\\xf0\\xfff\\x0fo\\x05\\xf1W\\x11\\x00\\xf3\\x0f\\x7fE\\xfffD\\x89m\\xef\\xeb0L\\x89/L\\x89o\\x08L\\x8bE\\x07I\\x83\\xf8\\x07v\rH\\x8bU\\xefH\\x8dM\\xef\\xe8\\x07u\\xf0\\xfff\\x0fo\\x05\\xbfW\\x11\\x00\\xf3"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "H\\x83}\\x98\\x0fH\\x0fGM\\x80H\\x8bU\\x90\\xe8k=\\xee\\xffL\\x8b\\xc8L\\x8dE\\x80H\\x8d\\x950\\x01\\x00\\x00H\\x8d\\x8d\\xd0\\x02\\x00\\x00\\xe8!<\\xee\\xffH\\x8bH\\x08H\\x8b\\x9d\\xd8\\x02\\x00\\x00H\\x85\\xc9H\\x0fE\\xd9H\\x8dM\\x80\\xe8\\x16\\x05\\xee\\xffH;\\x9d\\xd8\\x02\\x00\\x00\\x0f\\x84\\xbd\\x00\\x00\\x00H\\x8d\\x8d\\xd0\\x02\\x00\\x00\\xe8\\xddj\\xff\\xff\\x84\\xc0\\x0f\\x84\\xa9\\x00\\x00\\x00H\\x8dS0H\\x8d\\x8d0\\x03\\x00\\x00\\xe8EU\\xf3\\xff\\x90H\\x8d\\x05e\\xd9\\x0e\\x00H\\x89E\\x00H\\xc7E\\x08\\x03\\x00\\x00\\x00\\x0f(E\\x00f\\x0f\\x7fE0L\\x8dE0H\\x8d\\x950\\x03\\x00\\x00H\\x8d\\x8d\\xd0\\x00\\x00\\x00\\xe8\\xc12\\xf3\\xffH\\x8b\\xd8H\\x8d\\x85\\xb0\\x02\\x00\\x00H;\\xc3t5H\\x8d\\x8d\\xb0\\x02\\x00\\x00\\xe8\\x96\\x04\\xee\\xff\\x0f\\x10\\x03\\x0f\\x11\\x85\\xb0\\x02\\x00\\x00\\x0f\\x10K\\x10\\x0f\\x11\\x8d\\xc0\\x02\\x00\\x00H\\x89{\\x10H\\xc7C\\x18\\x0f\\x00\\x00\\x00@\\x88;fH\\x0f~\\xcfH\\x8d\\x8d\\xd0\\x00\\x00\\x00\\xe8a\\x04\\xee\\xff\\x90\\x0f\\xb6"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x80\\xbf\\xd8\\x00\\x00\\x00\\x00t\\x10\\xe8\\x7f\\x04\\xf0\\xff\\x8bCH\\x89\\x87\\xd0\\x00\\x00\\x00\\xeb\\x15\\xe8\\xbf2\\xed\\xff\\x8bCH\\x89\\x87\\xd0\\x00\\x00\\x00\\xc6\\x87\\xd8\\x00\\x00\\x00\\x01H\\x8d\\x8f(\\x01\\x00\\x00\\xe83\\xc6\\x03\\x00\\x85\\xc0uI\\x8b\\x87t\\x01\\x00\\x00=\\xff\\xff\\xff\\x7ft)H\\x8d\\x8f(\\x01\\x00\\x00\\xc6\\x87x\\x01\\x00\\x00\\x01\\xe8\\x17\\xc6\\x03\\x00H\\x8d\\x8f\\xe0\\x00\\x00\\x00H\\x8b\\$0H\\x83\\xc4 _\\xe9\\xb5\\xd3\\x03\\x00\\xff\\xc8\\xb9\\x06\\x00\\x00\\x00\\x89\\x87t\\x01\\x00\\x00\\xe8c\\xc8\\x03\\x00\\xcc\\xb9\\x05\\x00\\x00\\x00\\xe8X\\xc8\\x03\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89\\$\\x18UVWAVAW\\xb8p\\x00\\x00\\x00\\xe8Z\\xf6\\x03\\x00H+\\xe0H\\x8b\\x05\\xd0\\x15\\x14\\x00H3\\xc4H\\x89D$`H\\x8b\\xf2H\\x8b\\xd9H\\x89T$@H\\x8d\r~[\\x19\\x00\\xe8\\xe1\\xf4\\x03\\x00\\x0fW\\xc0\\x0f\\x11D$PH\\x8d\\xbb(\\x01\\x00\\x00H\\x89|$P\\xc6D$X\\x00H\\x8b\\xcf\\xe8p\\xc5\\x03\\x00\\x85\\xc0"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\$\\x10W\\xb8\\x80\\x02\\x00\\x00\\xe8\\x00\\xf7\\x02\\x00H+\\xe0H\\x8b\\x05v\\x16\\x13\\x00H3\\xc4H\\x89\\x84$p\\x02\\x00\\x00H\\x8b\\xf9H\\x8d\r.Y\\x18\\x00\\xe8\\x8c\\xf5\\x02\\x00H\\x8b\\x1ff\\x0f\\x1f\\x84\\x00\\x00\\x00\\x00\\x00H\\x8bK@H\\x8dT$ \\xe8z\\xdb\\x02\\x00\\x83\\xf8\\x12t3\\x85\\xc0uHf\\x83|$L.u\\x18\\x0f\\xb7D$Nf\\x85\\xc0t\\xd7f\\x83\\xf8.u\\x08f\\x83|$P\\x00t\\xc9H\\x8dT$ H\\x8b\\xcb\\xe8\\xccJ\\xfc\\xff\\xeb\\x17H\\x8bO\\x083\\xc0H\\x89\\x07H\\x89G\\x08H\\x85\\xc9t\\x05\\xe8c\\xfd\\xeb\\xff3\\xc0H\\x8b\\x8c$p\\x02\\x00\\x00H3\\xcc\\xe8Q\\xe9\\x02\\x00H\\x8b\\x9c$\\x98\\x02\\x00\\x00H\\x81\\xc4\\x80\\x02\\x00\\x00_\\xc3H\\x89\\$ UVWAVAWH\\x8dl$\\xc9\\xb8\\xa0\\x00\\x00\\x00\\xe85\\xf6\\x02\\x00H+\\xe0H\\x8b\\x05\\xab\\x15\\x13\\x00H3\\xc4H\\x89E/M\\x8b\\xf8H\\x8b\\xfaL\\x8b\\xf1H\\x8d\raX\\x18\\x00\\xe8\\xbf\\xf4\\x02\\x00\\x0f"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\xe8\\x07\\xf7\\x01\\x00H+\\xe0H\\x8b\\xf1M\\x8b\\xf1H\\x8d\rL\\\\x17\\x00I\\x8b\\xf8\\x8b\\xea\\xe8\\x9d\\xf5\\x01\\x00E3\\xffM\\x85\\xf6t\\x03E\\x89>H\\x85\\xff\\x0f\\x84\\xb1\\x00\\x00\\x00\\x83\\xfd\\x01v\tM\\x85\\xf6\\x0f\\x84\\xa3\\x00\\x00\\x00H\\x89\\$@L9~\\x10\\x0f\\x84\\x8d\\x00\\x00\\x00H\\x8b^\\x18H\\x85\\xdb\\x0f\\x84\\x80\\x00\\x00\\x00H\\x8bF H\\x85\\xc0twH+\\xd8H\\xc1\\xfb\\x03;\\xddA\\x0f\\x92\\xc7\\x0fG\\xddM\\x85\\xf6t\\x03A\\x89\\x1e\\x85\\xdbt?ff\\x0f\\x1f\\x84\\x00\\x00\\x00\\x00\\x00H\\x8bN \\xff\\xcbH\\x85\\xfftTH\\x85\\xc9tOH\\x8b\tH\\x89\\x0fH\\x85\\xc9t\rH\\x8b\\x01H\\x8b@\\x08\\xff\\x15XM\n\\x00H\\x83F \\x08H\\x83\\xc7\\x08\\x85\\xdbu\\xcbA\\x8b\\xc7H\\x8b\\$@H\\x8bl$HH\\x8bt$PH\\x83\\xc4 A_A^_\\xc3\\xb8\\x05@\\x00\\x80\\xeb\\xe0\\xb8\\x03@\\x00\\x80\\xeb\\xde\\xb9\\x05@\\x00\\x80\\xe8\\x87 \\xef\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccH\\x89"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x12\\x0f\\xae\\xe8H\\x8b\\x03H\\x8b\\xcbH\\x8b\\x00\\xff\\x15\\xfbM\t\\x00@\\xb5r\\xebCH\\x8bS\\x10H\\xff\\xc2H;S\\x18v\\x12\\x0f\\xae\\xe8H\\x8b\\x03H\\x8b\\xcbH\\x8b\\x00\\xff\\x15\\xd7M\t\\x00@\\xb5t\\xeb\\x1fH\\x8bS\\x10H\\xff\\xc2H;S\\x18v\\x12\\x0f\\xae\\xe8H\\x8b\\x03H\\x8b\\xcbH\\x8b\\x00\\xff\\x15\\xb3M\t\\x00H\\x8bC\\x10H\\x8bK\\x08\\xc6\\x04\\x01\\H\\xffC\\x10H\\x8bC\\x10H\\x8dP\\x01H;S\\x18v\\x12\\x0f\\xae\\xe8H\\x8b\\x0bH\\x8b\\x01H\\x8b\\xcb\\xff\\x15\\x83M\t\\x00H\\x8bK\\x10H\\x8bS\\x08@\\x88,\nH\\xffC\\x10\\xe9\\x80\\x00\\x00\\x00A\\x81\\xf9\\x00\\x01\\x00\\x00s\\x10A\\xb0xH\\x8b\\xd3H\\x8b\\xce\\xe8\\xb7\\xf8\\xff\\xff\\xebjA\\x81\\xf9\\x00\\x00\\x01\\x00s\\x10A\\xb0uH\\x8b\\xd3H\\x8b\\xce\\xe8.\\xfa\\xff\\xff\\xebQA\\x81\\xf9\\x00\\x00\\x11\\x00s\\x10A\\xb0UH\\x8b\\xd3H\\x8b\\xce\\xe8\\xa5\\xfb\\xff\\xff\\xeb8H\\x8bo\\x08H\\x8b?H;\\xfdt)\\x0f\\x1f\\x80\\x00\\x00\\x00\\x00\\x0f\\xbe"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x83c\\\\x00H\\x83\\xc4 [\\xc3\\xcc\\xcc\\xcc\\xccH\\x8b\\xc1H\\x8bI\\x08\\xff`\\x10\\xcc\\xccH\\x89\\$\\x08WH\\x83\\xec \\x80=\\x8bI\\x12\\x00\\x00H\\x8b\\xf9t\\x0eH\\x8b\t\\xff\\x15\\xbdG\\x08\\x00\\xe9\\xcf\\x00\\x00\\x003\\xd2H\\x8d\r/\\x9e\\x08\\x00A\\xb8\\x00\\x08\\x00\\x00\\xff\\x15\\xfbF\\x08\\x00H\\x8b\\xd8H\\x85\\xc0\\x0f\\x84\\xac\\x00\\x00\\x00H\\x8d\\x15 \\x9e\\x08\\x00H\\x8b\\xc8\\xff\\x15\\x7fE\\x08\\x00H\\x85\\xc0\\x0f\\x84\\x93\\x00\\x00\\x00H\\x8b\\xc8\\xff\\x15\\xddH\\x08\\x00H\\x8d\\x15\\x16\\x9e\\x08\\x00H\\x8b\\xcbH\\x89\\x05\\x04I\\x12\\x00\\xff\\x15VE\\x08\\x00H\\x85\\xc0tnH\\x8b\\xc8\\xff\\x15\\xb8H\\x08\\x00H\\x8d\\x15\t\\x9e\\x08\\x00H\\x8b\\xcbH\\x89\\x05\\xe7H\\x12\\x00\\xff\\x151E\\x08\\x00H\\x85\\xc0tIH\\x8b\\xc8\\xff\\x15\\x93H\\x08\\x00H\\x8d\\x15\\xfc\\x9d\\x08\\x00H\\x8b\\xcbH\\x89\\x05\\xcaH\\x12\\x00\\xff\\x15\\x0cE\\x08\\x00H\\x85\\xc0t$H\\x8b\\xc8\\xff\\x15nH\\x08\\x00H\\x89\\x05\\xb7H\\x12\\x00\\xf0\\x83\\x0c$\\x00H\\x8b\\x0f\\xc6"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xbfA:\\xc3w*\\x0f\\xbe\\xd1\\x83\\xea7\\x83\\xfa\ns\\x1f\\x8d\\x04\\x9bA\\xb1\\x01\\x8d\\x1cB;\\xdd\\x7f\rA\\x8a\\x08I\\xff\\xc0L\\x89\\x07\\x8a\\xd1\\xeb\\xb0\\xbbQ\\x14\\x00\\x00\\x8dA\\xd0<\tw\\x08\\x0f\\xbe\\xc1\\x83\\xe80\\xeb\\x1e\\x8dA\\x9fA:\\xc3w\\x08\\x0f\\xbe\\xc1\\x83\\xe8W\\xeb\\x0e\\x8dA\\xbfA:\\xc3w\\x16\\x0f\\xbe\\xc1\\x83\\xe87\\x83\\xf8\ns\\x0bA\\x8a\\x08I\\xff\\xc0L\\x89\\x07\\xeb\\xc3A\\x80\\xfa-u\\x02\\xf7\\xdbE\\x84\\xc9u)I\\xff\\xc8L\\x89\\x07\\x84\\xc9t\\x15A8\\x08t\\x10\\xe8\\x98\\xb0\\xff\\xff\\xc7\\x00\\x16\\x00\\x00\\x00\\xe8\\x01c\\xff\\xffL\\x897M\\x8dF\\x01A\\x8a\\x0eI\\xff\\xc8L\\x89\\x07\\x84\\xc9t\\x15A8\\x08t\\x10\\xe8o\\xb0\\xff\\xff\\xc7\\x00\\x16\\x00\\x00\\x00\\xe8\\xd8b\\xff\\xffI;\\xf7t\\x16H\\x8dF\\xff\\x808\\x00u\\x08H\\x8b\\xf0I;\\xc7u\\xefI;\\xf7u\\x07\\xb8\\x02\\x00\\x00\\x00\\xebk;\\xdd\\x7f>\\xba\\xb0\\xeb\\xff\\xff;\\xda|.A\\x8a\\xc5\\xf6\\xd8\\x1b\\xc9\\x83\\xe1\\x03\\xff\\xc1\\x0f\\xafL"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-06-28 21:56:16,230",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xe8 \\xb1\\xfe\\xff\\xc7\\x00\t\\x00\\x00\\x00\\xe8\\x89c\\xfe\\xff\\xeb\\xb0H\\x8b\\xc6L\\x8b\\xfeI\\xc1\\xff\\x06H\\x8d\r\\xeaP\\x10\\x00\\x83\\xe0?L\\x8d,\\xc0J\\x8b\\x04\\xf9B\\xf6D\\xe88\\x01t\\xc2A\\x81\\xfe\\xff\\xff\\xff\\x7fv\\x15\\xe8\\xc1\\xb0\\xfe\\xff\\x83 \\x00\\xe8\\xd9\\xb0\\xfe\\xff\\xc7\\x00\\x16\\x00\\x00\\x00\\xeb\\xb7\\x8b\\xce\\xe8\\xbeV\\xff\\xff\\x83\\xcb\\xffH\\x8d\\x05\\xa8P\\x10\\x00J\\x8b\\x04\\xf8B\\xf6D\\xe88\\x01u\\x15\\xe8\\xaf\\xb0\\xfe\\xff\\xc7\\x00\t\\x00\\x00\\x00\\xe8\\x84\\xb0\\xfe\\xff\\x83 \\x00\\xeb\\x0fE\\x8b\\xc6I\\x8b\\xd4\\x8b\\xce\\xe8\\x12\\x00\\x00\\x00\\x8b\\xd8\\x8b\\xce\\xe8eW\\xff\\xff\\x8b\\xc3\\xe9\"\\xff\\xff\\xff\\xcc\\xccH\\x89\\$\\x18H\\x89T$\\x10UVWATAUAVAWH\\x83\\xec`Lc\\xe9L\\x8b\\xcaE\\x8b\\xe0A\\x83\\xfd\\xfeu\\x19\\xe83\\xb0\\xfe\\xff3\\xf6\\x890\\xe8J\\xb0\\xfe\\xff\\xc7\\x00\t\\x00\\x00\\x00\\xe9\\xf1\\x03\\x00\\x003\\xf6\\x85\\xc9\\x0f\\x88\\xd0\\x03\\x00\\x00D;-\\x16T\\x10\\x00\\x0f\\x83\\xc3\\x03\\x00\\x00I\\x8b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xe7\\xff\\x90H\\x8d\\x8e \\x01\\x00\\x00H\\x8b\\x01H\\x89D$0H\\x85\\xc0t\\x06\\xe8\\x12S\\xea\\xff\\x90H\\x8b\\x86\\x18\\x01\\x00\\x00H\\x89\\x84$h\\x01\\x00\\x00H\\x83\\xf8\\x07v&L\\x8b\\x86\\x18\\x01\\x00\\x00L\\x89\\x84$h\\x01\\x00\\x00H\\x8d\\x8e\\x00\\x01\\x00\\x00H\\x8b\\x11H\\x89\\x94$P\\x01\\x00\\x00\\xe8\\xa6u\\xe7\\xffH\\x8b\\x86\\xf8\\x00\\x00\\x00H\\x89\\x84$H\\x01\\x00\\x00H\\x85\\xc0t\\x15H\\x8b\\x8e\\xf8\\x00\\x00\\x00H\\x89\\x8c$H\\x01\\x00\\x00\\xe8~\\xfd\\xe5\\xff\\x90H\\x8d\\xbe\\xc8\\x00\\x00\\x00H\\x83?\\x00\\x0f\\x84\\xa4\\x00\\x00\\x00H\\x8b\\x07H\\x89\\x84$\\x10\\x01\\x00\\x00E3\\xf6L\\x89\\xb6\\xa8\\x02\\x00\\x00H\\x8b\\x07H\\x89\\x84$\\x10\\x01\\x00\\x00H\\x8b\\x00H\\x8b\\x0fH\\x89\\x8c$\\x10\\x01\\x00\\x00L\\x8d\\x86\\xa8\\x02\\x00\\x00H\\x8d\\x15\\x90\\x1c\\x07\\x00H\\x8b@\\x18\\xff\\x156M\\x05\\x00H\\x8b\\x86\\xa8\\x02\\x00\\x00H\\x89\\x84$\\x00\\x01\\x00\\x00H\\x89\\x86\\xa0\\x02\\x00\\x00H\\x85\\xc0t#H\\x8b\\x96\\xd0\\x00\\x00\\x00H\\x89\\x94$\\x18\\x01"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00H\\x83\\xc40]\\xc3\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8\\xf4\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xeaH\\x8dM H\\x83\\xc4 ]\\xe9\\x00\\xcc\\xe5\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xd4\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xeaH\\x8dM H\\x83\\xc4 ]\\xe9\\x00\\xbe\\xe5\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xb4\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xeaH\\x8bM H\\x83\\xc4 ]\\xe9\\xc0\\xcb\\xe5\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\x94\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xeaL\\x8d\r\\xd7\\x07\\xea\\xffA\\xb8\\x01\\x00\\x00\\x00\\xba\\x18\\x00\\x00\\x00H\\x8dM@\\xe8\\xe3\\xf0\\xfb\\xffH\\x83\\xc4 ]\\xc3@U\\xb8 \\x00\\x00\\x00\\xe8a\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xeaH\\x8b\\x8d\\xd8\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\x8a\\xbd\\xe5\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe84\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xeaH\\x8dM H\\x83\\xc4 ]\\xe9\\xf0\\x04\\xe5\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\x14\\xf6\\xfb\\xffH+\\xe0H\\x8b\\xea"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x90\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\xc9\\x05\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xed\\xf6\\xfa\\xffH+\\xe0H\\x8b\\xeaH\\x8dMhH\\x83\\xc4 ]\\xe9\\xa9\\x05\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xcd\\xf6\\xfa\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x90\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\x86\\x05\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xaa\\xf6\\xfa\\xffH+\\xe0H\\x8b\\xeaH\\x8dMhH\\x83\\xc4 ]\\xe9f\\x05\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\x8a\\xf6\\xfa\\xffH+\\xe0H\\x8b\\xeaH\\x8dMHH\\x83\\xc4 ]\\xe9\\xd6\\xf4\\xe3\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8d\\xf6\\xfa\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x80\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\xdd\\x18\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8A\\xf6\\xfa\\xffH+\\xe0H\\x8b\\xea\\x8bE \\x83\\xe0\\x01\\x85\\xc0t\r\\x83e \\xfeH\\x8dM(\\xe8\\xf4\\x04\\xe4\\xffH\\x83\\xc4 ]\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "H+\\xe0H\\x8b\\xeaH\\x8d\\x8dX\\x01\\x00\\x00H\\x83\\xc4 ]\\xe9\\xb7\\xa7\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xeb\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\xe8\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\x94\\xa7\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xc8\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x98\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\x11'\\xf0\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xa5\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xea\\xbaX\\x00\\x00\\x00H\\x8bMX\\xe8\\xcd\\xe9\\xf9\\xffH\\x83\\xc4 ]\\xc3@U\\xb8 \\x00\\x00\\x00\\xe8\\x7f\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xeaH\\x8bMXH\\x83\\xc4 ]\\xe9;\\xfd\\xe2\\xff@U\\xb8 \\x00\\x00\\x00\\xe8_\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xeaH\\x8bM@H\\x83\\xc4 ]\\xe9;C\\xe7\\xff@U\\xb8 \\x00\\x00\\x00\\xe8?\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xeaH\\x8dM@H\\x83\\xc4 ]\\xe9\\xeb\\xa6\\xe4\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\x1f\\xf6\\xf9\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x88\\x00\\x00\\x00H\\x83\\xc4 "
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "H+\\xe0H\\x8b\\xeaH\\x8dMHH\\x83\\xc4 ]\\xe9\\xda\\xf9\\xe2\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xee\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8dM8H\\x83\\xc4 ]\\xe9:\\xf5\\xe1\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8\\xc4\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8dMHH\\x83\\xc4 ]\\xe9\\x90\\xf9\\xe2\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xa4\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8bMhH\\x83\\xc4 ]\\xe9p\\xf9\\xe2\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\x84\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8dM@H\\x83\\xc4 ]\\xe9@\\x05\\xe2\\xff@U\\xb8 \\x00\\x00\\x00\\xe8d\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x90\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9\\xad\\xf4\\xe1\\xff@U\\xb8 \\x00\\x00\\x00\\xe8A\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8dM@H\\x83\\xc4 ]\\xe9\\xfd\\x04\\xe2\\xff@U\\xb8 \\x00\\x00\\x00\\xe8!\\xf6\\xf8\\xffH+\\xe0H\\x8b\\xeaH\\x8dM@H\\x83\\xc4 ]\\xe9\\xdd\\x04\\xe2"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xe9\\xd9\\x05\\xe1\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8\\xf4\\xf6\\xf7\\xffH+\\xe0H\\x8b\\xeaH\\x8b\\x8d\\x80\\x00\\x00\\x00H\\x83\\xc1PH\\x83\\xc4 ]\\xe9\\xa9\\x05\\xe1\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8\\xc4\\xf6\\xf7\\xffH+\\xe0H\\x8b\\xeaH\\x8dM(H\\x83\\xc4 ]\\xe9\\x00\\x01\\xe1\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\xa4\\xf6\\xf7\\xffH+\\xe0H\\x8b\\xeaH\\x8dM H\\x83\\xc4 ]\\xe9\\xb0q\\xf7\\xff@U\\xb8 \\x00\\x00\\x00\\xe8\\x84\\xf6\\xf7\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\xa0\\x00\\x00\\x00H\\x83\\xc4 ]\\xe9}r\\xf7\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8T\\xf6\\xf7\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8dP\\x01\\x00\\x00H\\x83\\xc4 ]\\xe9Mr\\xf7\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc@U\\xb8 \\x00\\x00\\x00\\xe8$\\xf6\\xf7\\xffH+\\xe0H\\x8b\\xeaH\\x8d\\x8d\\x00\\x02\\x00\\x00H\\x83\\xc4 ]\\xe9\\x1dr\\xf7"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": " \\x80\\x01\\x00\\x00\\x00q\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80' \\x80\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0A \\x80\\x01\\x00\\x00\\x00\\xd8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0A \\x80\\x01\\x00\\x00\\x00\\xda\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00B \\x80\\x01\\x00\\x00\\x00\\xb1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10B \\x80\\x01\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00\\x00\\x00\\x00 B \\x80\\x01\\x00\\x00\\x00\\x8f\\x00\\x00\\x00\\x00\\x00\\x00\\x000B \\x80\\x01\\x00\\x00\\x00\\xcf\\x00\\x00\\x00\\x00\\x00\\x00\\x00@B \\x80\\x01\\x00\\x00\\x00\\xd5\\x00\\x00\\x00\\x00\\x00\\x00\\x00PB \\x80\\x01\\x00\\x00\\x00\\xd2\\x00\\x00\\x00\\x00\\x00\\x00\\x00`B \\x80\\x01\\x00\\x00\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00pB \\x80\\x01\\x00\\x00\\x00\\xb9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80B \\x80\\x01\\x00\\x00\\x00\\xc4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90B \\x80\\x01\\x00\\x00\\x00\\xdc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0B \\x80\\x01\\x00\\x00\\x00C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0B \\x80\\x01\\x00\\x00\\x00\\xcc\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0B"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-06-28 21:56:16,246",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "find registrationId '%s'.\\x00\\x00\\x00\\x00\\x00OnAccountChanged\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00AccountNotificationManager::OnAccountChanged\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00RevokeRegistrationsForClient: can't find registrations for clientId '%s'.\\x00\\x00\\x00\\x00\\x00\\x00\\x00AccountNotificationManagerImpl: invalid tracker while dispatching "
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "thm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></DigestMethod><DigestValue>{PH7}</DigestValue></Reference><Reference URI=\"#Timestamp\"><Transforms><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform></Transforms><DigestMethod Algorithm"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8?#\\x00\\xb0?#\\x00\\xe8>#\\x00\\xc0>#\\x008?#\\x00\\x10?#\\x00\\x88?#\\x00H\\xa8\"\\x00`?#\\x00 \\xa8\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88?#\\x00H\\xa8\"\\x00`?#\\x00 \\xa8\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0@#\\x00\\xc8@#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8@#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0@#\\x00\\x18A#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18A#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@A#\\x00hA#\\x00\\x80\\xe5\"\\x00(\\xec\"\\x00\\x98\\xac"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x08\\x0e\\xc0d\\x1a\\x00.\\xe3d\\x1a\\x00(\\x0e\\x06e\\x1a\\x00\\x96\\x1bn\\x1a\\x00\\xb8\\x04\\x06\\x08\n\\xd83$\\x00\\x00\n\\x0c34$\\x00\\x0e\\x17\\x12hT'\\x00\\xc1\\x02)e\\x1a\\x00\\xf9\\x05\\x17\\x12 T'\\x00\\xa1\\x02If\\x1a\\x00U\\x05\\x17\\x12\\xe8S'\\x00\\x81\\x02\\x86g\\x1a\\x00\\xa5\\x04\\x17\\x12\\xa0S'\\x00a\\x02?i\\x1a\\x00\\xe9\\x03\\x13\\x12\\xd8T'\\x00\\xdaj\\x1a\\x00\\xb5\\x03\\x17\\x12\\x00U'\\x00A\\x02\rk\\x1a\\x00\\xf9\\x02\\x11\\x80\\xa8l\\x1a\\x00=\\x02\\x02\\x13\\x12\\xd8T'\\x00;n\\x1a\\x00\\x9d\\x06\\x06\n\\x00\\xc9\\x06\\x02D\n\\x19\\x14\\x03\\x00\\x14b\\x07P\\x060\\x00\\x00\\xf4;\\x17\\x00\\4$\\x00)f4$\\x00\\xbe4$\\x00\\xb0\"\\x08\\x0e\\x03f\\x1a\\x00.)f\\x1a\\x00^@g\\x1a\\x00.fg\\x1a\\x00\\xae\\xd9h\\x1a\\x00\\xd6\\xf9h\\x1a\\x00.\\x1fi\\x1a\\x00M\\x02tj\\x1a\\x00\\xad\\x02\\x94j\\x1a\\x006\\xbaj\\x1a\\x00]\\x03Bl\\x1a\\x00\\xbd\\x03bl\\x1a\\x006\\x88l\\x1a\\x00m\\x04\\xd5m\\x1a"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "%\\x00)\\x863%\\x00\\xbe3%\\x00\\xd0\n\\x16\\x022\\x02D\\x044\\x06\\x1a\\x04\\x00\\x00\\x00\\x19\\x13\\x02\\x00\\x13\\x92\\x06P\\xf4;\\x17\\x00\\xdc3%\\x00)\\x863%\\x00\\xe63%\\x00\\xd0\\x08\\x16\\x02R\\x02<\\x08\\x1a\n\\x00\\x01\\x1b\\x08\\x00\\x1bT\r\\x00\\x1b4\n\\x00\\x1bR\\x0e\\xe0\\x0cp\\x0b`\\x11\\x0f\\x02\\x00\\x0fR\\x020\\xf4;\\x17\\x00\\x144%\\x00(\\x1d4%\\x00#4%\\x00\\x02\\x0e0\\xf8\\x1b\\x00\\x06\\x0e\\x00L\\x02@\\x00\\x00\\x00\\x11\\x13\\x04\\x00\\x134\n\\x00\\x13r\\x06p\\xf4;\\x17\\x00@4%\\x00(I4%\\x00\\x87i$\\x00\\x02\\x0e`\\xf8\\x1b\\x00\\x00\\x11\r\\x01\\x00\rB\\x00\\x00\\xf4;\\x17\\x00`4%\\x00(i4%\\x00o4%\\x00\\x02\\x0e\\x80\\xf8\\x1b\\x00\\x04\n\\x00\\xac\\x02\\x19%\\x06\\x00\\x164\\x0e\\x00\\x16\\x92\t\\xe0\\x07p\\x06`\\xac!\\x17\\x00H\\x00\\x00\\x00\\x19\"\\x04\\x00\\x134\\x0e\\x00\\x13\\xb2\\x06p(\"\\x17\\x00\\xa44%\\x00Z\\x00\\x00\\x00(\\xad4%\\x00\\xb34%\\x00\\x02\\x0e\\xb0\\xf8\\x1b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-06-28 21:56:16,261",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00D*\\x00\\xb4\\x02*\\x04\\x01\\x02\\x02\\xe8\\x08>\n.\\x0e\\xf6\\x08>\\x12.\\x16p\\x08A\\x02\\x1a>\\x1c. >\"\\xc8\\x1a>$.(>\"\\xf4\\x1a>*..>\"p\\x1a\\xde0@206R\"<\\x10 0^\"<\\x10N\\x00.\\x02\\x00\\x00\\x19)\n\\x00\\x1a\\x01\\x11\\x00\r\\xf0\\x0b\\xe0\t\\xd0\\x07\\xc0\\x05p\\x04`\\x03P\\x020(\"\\x17\\x00 4&\\x00r\\x00\\x00\\x00()4&\\x0044&\\x00\\x04\\x0e@0\\x1e\\x00.`0\\x1e\\x00\\x0e$\\x00\\xca\\x028\\x00d\\x04\\x9c\\x02H\\x04R\\x00\\x00\\x19,\t\\x00\\x1e4#\\x00\\x1e\\x01\\x1a\\x00\\x0c\\xf0\n\\xe0\\x08p\\x07`\\x06P\\x00\\x00(\"\\x17\\x00h4&\\x00\\xc2\\x00\\x00\\x00(q4&\\x00\\x9a4&\\x00\\x10\\x0e\\x800\\x1e\\x006\\x14>\\x17\\x00V\\xa00\\x1e\\x00.\\xc30\\x1e\\x00V\\xe30\\x1e\\x00~\\x14>\\x17\\x00V\\x031\\x1e\\x00.&1\\x1e\\x00&,\\x00\\xde\\x02\\xac\\x04\\xe4\\x064\\x08\\xb0\\x06\\xaa\n2\\x0c\\x9e\n2\\x0c\\x15\\x02\\x0e"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x02\\x00\\x00\\x00\\x12\\x00\\x00\\x00\n\\x00\\x00\\x00!\\x00\\x00\\x00\"\\x00\\x00\\x002\\x00\\x00\\x00*\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x0b\\x00\\x00\\x00#\\x00\\x00\\x003\\x00\\x00\\x00+\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x92\\x00\\x00\\x00\\x93\\x00\\x00\\x00\\xa2\\x00\\x00\\x00\\xb2\\x00\\x00\\x00\\xb3\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\xa2\\xdf-\\x99+\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcd] \\xd2f\\xd4\\xff\\xffu\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "@Foundation@Windows@winrt@@PEAUHWND__@@AEBV?$shared_ptr@VUri@Msai@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@7@@std@@U?$IAsyncOperation@UWebAccountProvider@Credentials@Security@Windows@winrt@@@Foundation@Windows@winrt@@UIAsyncInf"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1553
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "@VAccountsControlOperation@Msai@@@7@@std@@UIAsyncInfo@Foundation@Windows@winrt@@@impl@winrt@@\\x00`\\xc9\\x1f\\x80\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.?AU?$promise_base@Upromise_type@?$coroutine_traits@UIAsyncAction@Foundation@Windows@winrt@@PEAUHWND__@@AEBV?$shared_ptr@VUri@Msai@@@std@@V?$share"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x11\\x00\\x8c\\xfd\\x11\\x00\\xecJ&\\x00\\x90\\xfd\\x11\\x00\\x98\\x01\\x12\\x00\\x14K&\\x00\\xa0\\x01\\x12\\x00\\xcf\\x01\\x12\\x00\\xd85$\\x00\\xcf\\x01\\x12\\x00\\x16\\x02\\x12\\x00\\xe8K&\\x00\\x16\\x02\\x12\\x00-\\x02\\x12\\x00\\xfcK&\\x000\\x02\\x12\\x00\\x00\\x05\\x12\\x00\\x0cL&\\x00\\x00\\x05\\x12\\x00\\xb8\\x06\\x12\\x00pL&\\x00\\xc0\\x06\\x12\\x00\\xec\\x06\\x12\\x00\\x90L&\\x00\\xec\\x06\\x12\\x00'\\x07\\x12\\x00\\x9cL&\\x00'\\x07\\x12\\x00/\\x07\\x12\\x00\\xb0L&\\x000\\x07\\x12\\x00\\xc4\\x07\\x12\\x0086$\\x00\\xd0\\x07\\x12\\x00E\r\\x12\\x00\\xc0L&\\x00P\r\\x12\\x00\\xbc\\x0e\\x12\\x00\\x94M&\\x00\\xc0\\x0e\\x12\\x00#\\x0f\\x12\\x00\\xcc5$\\x000\\x0f\\x12\\x00{\\x0f\\x12\\x00\\xcc5$\\x00\\x80\\x0f\\x12\\x00\\x98\\x15\\x12\\x00\\xdcM&\\x00\\xa0\\x15\\x12\\x00x\\x17\\x12\\x00\\xb0N&\\x00\\x80\\x17\\x12\\x00n\\x19\\x12\\x00\\x10O&\\x00p\\x19\\x12\\x00\\xa7\\x1e\\x12\\x00tO&\\x00\\xb0\\x1e\\x12\\x00\\x1f\\x1f\\x12\\x00(P&\\x00 \\x1f\\x12\\x00\\xae\\x1f\\x12\\x00\\x086$\\x00\\xb0\\x1f\\x12\\x00\\xcd\\x1f"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x1c\\x00d2$\\x00\\xf1\\x83\\x1c\\x00\\x14\\x84\\x1c\\x00d2$\\x00\\x14\\x84\\x1c\\x007\\x84\\x1c\\x00d2$\\x007\\x84\\x1c\\x00Z\\x84\\x1c\\x00d2$\\x00Z\\x84\\x1c\\x00}\\x84\\x1c\\x00d2$\\x00\\x80\\x84\\x1c\\x00\\xa3\\x84\\x1c\\x00d2$\\x00\\xa3\\x84\\x1c\\x00\\xc3\\x84\\x1c\\x00d2$\\x00\\xc3\\x84\\x1c\\x00\\xe3\\x84\\x1c\\x00d2$\\x00\\xe3\\x84\\x1c\\x00\\x06\\x85\\x1c\\x00d2$\\x00\\x06\\x85\\x1c\\x00)\\x85\\x1c\\x00d2$\\x000\\x85\\x1c\\x00T\\x85\\x1c\\x00d2$\\x00T\\x85\\x1c\\x00x\\x85\\x1c\\x00d2$\\x00\\x80\\x85\\x1c\\x00\\xa0\\x85\\x1c\\x00d2$\\x00\\xa0\\x85\\x1c\\x00\\xc0\\x85\\x1c\\x00d2$\\x00\\xc0\\x85\\x1c\\x00\\xe0\\x85\\x1c\\x00d2$\\x00\\xe0\\x85\\x1c\\x00\\x00\\x86\\x1c\\x00d2$\\x00\\x00\\x86\\x1c\\x00#\\x86\\x1c\\x00d2$\\x00#\\x86\\x1c\\x00F\\x86\\x1c\\x00d2$\\x00F\\x86\\x1c\\x00i\\x86\\x1c\\x00d2$\\x00i\\x86\\x1c\\x00\\x8c\\x86\\x1c\\x00d2$\\x00\\x8c\\x86\\x1c\\x00\\xac\\x86\\x1c\\x00d2$\\x00\\xac\\x86\\x1c\\x00\\xcf\\x86\\x1c\\x00d2"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01"
              },
              {
                "name": "Length",
                "value": "32774"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-06-28 21:56:16,277",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-06-28 21:56:16,293",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-06-28 21:56:16,293",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x160\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1577
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x160\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x160\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x01\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1aX\\xd2\\xe4^9\\xbc\\xb7^9\\xbc\\xb7^9\\xbc\\xb7\\x15A\\xbf\\xb6\\9\\xbc\\xb7\\x15A\\xb9\\xb6\\xea9\\xbc\\xb7^9\\xbc\\xb7_9\\xbc\\xb7\\x9c\\xb8\\xb8\\xb6O9\\xbc\\xb7\\x9c\\xb8\\xbf\\xb6Q9\\xbc\\xb7\\x15A\\xb8\\xb6D9\\xbc\\xb7\\x15A\\xba\\xb6_9\\xbc\\xb7\\x9c\\xb8\\xb9\\xb689\\xbc\\xb7\\x15A\\xbd\\xb6C9\\xbc\\xb7^9\\xbd\\xb7`8\\xbc\\xb7\\xad\\xbb\\xb9\\xb6_9\\xbc\\xb7\\xad\\xbb\\xb5\\xb6\\xbd9\\xbc\\xb7\\xad\\xbb\\xbc\\xb6_9\\xbc\\xb7\\xad\\xbbC\\xb7_9\\xbc\\xb7"
              },
              {
                "name": "Length",
                "value": "32762"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\n\\xaaQ\\x10\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5@\\x17@\\xf9`\\x00\\x00\\xb4\\xa8\\xe8\\xff\\x97\\x1f \\x03\\xd5@G@\\xf9`\\x00\\x00\\xb4\\xa4\\xe8\\xff\\x97\\x1f \\x03\\xd5@O@\\xf9`\\x00\\x00\\xb4\\xa0\\xe8\\xff\\x97\\x1f \\x03\\xd5Ho@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@c@\\xf9\\x01\\x05\\x00\\x91\\xab\\xc7\\x06\\x94\\xe8\\x01\\x80\\xd2_\\x03\\x039_#\r\\xa9\\x95\\x00\\x00\\xb4\\xe0\\x03\\x15\\xaa\\x93\\xe8\\xff\\x97\\x1f \\x03\\xd5@W@\\xf9`\\x00\\x00\\xb4\\x8f\\xe8\\xff\\x97\\x1f \\x03\\xd5@_@\\xf9`\\x00\\x00\\xb4\\x8b\\xe8\\xff\\x97\\x1f \\x03\\xd5\\x00\\x00\\x80\\xd2\\x02\\x00\\x00\\x14@\\x13@\\xf9\\xff\\xc3\\x03\\x91\\xf3\\xe0\\xff\\x97\\xfb+@\\xf9\\xf9kD\\xa9\\xf7cC\\xa9\\xf5[B\\xa9\\xf3SA\\xa9\\xfd{\\xc6\\xa8\\xc0\\x03_\\xd6\\x03\\xe9\\xff\\x97\\x02\\xe9\\xff\\x97\\x1f \\x03\\xd5\\xe8\\x10\\x00\\xb0\\x01\\xc1+\\x91@\\x03\\x01\\x91\\x01\\xeb\\xff\\x97\\xa8\\x15\\x00\\xf0\\x01!/\\x91@\\x03\\x01\\x91\\x83\\xd1\\x06\\x94\\x1f \\x03\\xd5\\xe8\\x10\\x00\\xb0\\x01\\xc1"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xa3r\\xe0C\\x00\\x91\\x1a\\x1f\\x00\\x94(\\x15\\x00\\xf0\\x01\\xa15\\x91\\xe0C\\x00\\x91\\xba\\x91\\x06\\x94\\x00\\x00>\\xd4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbc\\xa9\\xfd\\x03\\x00\\x910\\x00\\x80\\x92\\xf3\\x03\\x00\\xaa\\xb0\\x0f\\x00\\xf9(\\x17\\x00\\xb0\\x00\t+\\x91\\x90\\x8b\\x06\\x94\\x1f \\x03\\xd5\\xb3\\x02\\x00\\xb4\\xe0\\x03\\x13\\xaaJ\\x02\\x00\\x94\\x08\\x1c\\x00S(\\x02\\x004\\x7f\\x02\\x00\\xb9`\n@\\xf9@\\x00\\x00\\xb4\\x94\\xa8\\xff\\x97\\x01\\x03\\x80\\xd2\\xe0\\x03\\x13\\xaa\\xa3\\x87\\x06\\x94\\x1f \\x03\\xd5\\x00\\x00\\x80\\xd2\\xfd{\\xc4\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6\\xa0\\x0b@\\xf9\\xfd{\\xc4\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6h\\x10\\x00\\xb0\\x01\\xc1+\\x91\\xa0\\x83\\x00\\x91\\x0e\\xab\\xff\\x97(\\x15\\x00\\xf0\\x01!/\\x91\\xa0\\x83\\x00\\x91\\x90\\x91\\x06\\x94\\x00\\x00>\\xd4\\xfd{\\xbb\\xa9\\xf3S\\x01\\xa9\\xf5[\\x02\\xa9\\xf7c\\x03\\xa9\\xf9#\\x00\\xf9\\xfd\\x03\\x00\\x91\\xde\\xa0\\xff\\x97\\xffC\\x01\\xd1\\xf9\\x03\\x00\\x910\\x00\\x80\\x92\\xf4\\x03\\x00\\xaa0\\x13\\x00\\xf9(\\x17\\x00\\xb0\\x00\t+\\x91\\xf7\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\n\\xa9\\xa0C\\x02\\x91\\xc8\\x13\\x07\\x94\\xa2\\x0b@\\xf9\\xa8C\\x02\\x91_h(8\\x19\\x00\\x00\\x14H\\x0c@\\xb2\\x1f\\x01\\x15\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x18\\x00\\xf0\\x92\\xb8G\\x06\\x94\\xf9\\x03\\x00\\xaa\t\\x00\\x00\\x14\\x1fY\\x00\\xf1x3\\x88\\x9a\\x00\\x07\\x00\\x91\\x80\\x00\\x00\\xb4\\xb1G\\x06\\x94\\xf9\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x19\\x00\\x80\\xd2\\xa2\\x0b@\\xf9\\xe1\\x03\\x13\\xaa\\xb9K\\x00\\xf9\\xe0\\x03\\x19\\xaa\\xa2c\n\\xa9\\xae\\x13\\x07\\x94\\xa2\\x0b@\\xf9_h98\\xa2\\x83\\x01\\x91\\xa1C\\x02\\x91\\xe0\\x03\\x16\\xaa\\xfc\\x07\\x00\\x94\\xa8W@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T\\xa0K@\\xf9\\x01\\x05\\x00\\x91\\x9aG\\x06\\x94\\xa8?@\\xf9\\xbf_\n\\xa9\\xbfC\\x029\\x1f=\\x00\\xf1\\x89\\x00\\x00T\\xa03@\\xf9\\x01\\x05\\x00\\x91\\x92G\\x06\\x94\\x80\\x02@\\xf9\\xbf_\\x07\\xa9\\xbf\\x83\\x019\\x08\\x00@\\xf9\\x08\\x11@\\xf9\\xef\\x03\\x08\\xaaQ\\x0f\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xe1\\x03\\x00*\\xa0C\\x03\\x91;q\\x00\\x94\\x08\\x10\\x00\\x90\\x13A\\x08\\x91\\x10\\xe4"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x08\\x0bI\\xfd\\x11\\x88\\xb1\\xff\\xff5\\xbf;\\x03\\xd5\t\\x01\\x005\\x08\\x00@\\xf9\\x08\\x05@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x0e\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xfd{\\xc1\\xa8\\xf5\\x0b@\\xf9\\xf3S\\xc2\\xa8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91\\xf3\\x03\\x00\\xaaH\\x16\\x00\\x90\\x00\\xb9\\x1d\\x91\\x8a\\x0b\\x06\\x94`B\\x00\\x91z\\x16\\x01\\x94\\xfd{\\xc1\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91H\\x0f\\x00\\x90\\x08a\\x0c\\x91\\xf3\\x03\\x00\\xaah\\x02\\x00\\xf9a\\x00\\x006\\x01!\\x80\\xd2\\x9b\\x07\\x06\\x94\\xe0\\x03\\x13\\xaa\\xfd{\\xc1\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91H\\x0f\\x00\\x90\\x08!\\x0b\\x91\\xf3\\x03\\x00\\xaah\\x02\\x00\\xf9a\\x00\\x006\\x01\\x07\\x80\\xd2\\x8b\\x07\\x06\\x94\\xe0\\x03\\x13\\xaa\\xfd{\\xc1\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbf\\xa9\\xfd\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-06-28 21:56:16,308",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x91\\xbf\\xd1\\x05\\x94\\xe0\\x03\\x00\\x91\\xe1\\xe4\\xff\\x97\\xc8\\x13\\x00\\x90\\x01\\x81\\x1d\\x91\\xe0\\x03\\x00\\x91\\xb9\\xd1\\x05\\x94\\xe0\\x03\\x00\\x91\\xdb\\xe4\\xff\\x97\\xc8\\x13\\x00\\x90\\x01\\x81\\x1d\\x91\\xe0\\x03\\x00\\x91\\xb3\\xd1\\x05\\x94\\xe0\\x03\\x00\\x91\\xd5\\xe4\\xff\\x97\\xc8\\x13\\x00\\x90\\x01\\x81\\x1d\\x91\\xe0\\x03\\x00\\x91\\xad\\xd1\\x05\\x94\\xe0\\x03\\x00\\x91\\xcf\\xe4\\xff\\x97\\xc8\\x13\\x00\\x90\\x01\\x81\\x1d\\x91\\xe0\\x03\\x00\\x91\\xa7\\xd1\\x05\\x944\\xf0\\x05\\x94\\x08\\x0f\\x00\\xb0\\x01\\x81/\\x91\\xe0\\x03\\x00\\x91\\xe6\\xe4\\xff\\x97\\xc8\\x13\\x00\\x90\\x01\\x01\\x16\\x91\\xe0\\x03\\x00\\x91\\x9e\\xd1\\x05\\x94\\x00\\x00>\\xd4\\xf3S\\xbe\\xa9\\xf5\\x0b\\x00\\xf9\\xfd{\\xbd\\xa9\\xfd\\x03\\x00\\x91\\xa8\\x15\\x00\\xf0\\x00\\x056\\x91\\xf3\\x03\\x01\\xaa\\xf4\\x03\\x02\\xaa\\xf5\\x03\\x03\\xaau\\xcb\\x05\\x94\\xe8\\x0e\\x00\\xb0\\x08\\x013\\x91\\x8a\\x02\\x15\\x8b\\xbf\\x16\\x00\\xf1\\x03\t\\x00TK\\x15\\x00\\xd1\\x9f\\x02\\x0b\\xeb\\xa8\\x08\\x00T\\x89\\x06\\x00\\x91\\x8cV@8n6@\\xa9\\x8c\\xfdC\\xd3\\x8ci\\xe88\\x9f\\x02\\x0b\\xeb\\xcci-8o2@\\xa9\\x8e\\x05\\x00\\x91n\\x06\\x00\\xf9\\x8c\\xb2"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x1f2\\xc0\\x00\\x80R\\xc8N\\x00\\xb9\\xd3}\\x05\\x94\\x1f \\x03\\xd51\\xa9\\xfe\\x97\\x00\\x00>\\xd4\\x00\\x00\\x00\\x00\\xf3S\\xbe\\xa9\\xf5\\x0b\\x00\\xf9\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91\\xf4\\x03\\x00\\xaaH\\x15\\x00\\x90\\x00\\xad\\x1d\\x91\\x93\\x8b\\x05\\x94\\x93\\x02@\\xf9S\\x02\\x00\\xb4\\x95\\x06@\\xf9\\x7f\\x02\\x15\\xeb\\xc0\\x00\\x00T\\xe0\\x03\\x13\\xaa\"\\x84\\xff\\x97s\"\\x04\\x91\\x7f\\x02\\x15\\xeb\\x81\\xff\\xffT\\x80\\x02@\\xf9\t!\\x80\\xd2\\x88\n@\\xf9\\x08\\x01\\x00\\xcb\\x08\r\\xc9\\x9a\\x01}\t\\x9b\\xa2\\x87\\x05\\x94\\x9f~\\x00\\xa9\\x9f\n\\x00\\xf9\\xfd{\\xc1\\xa8\\xf5\\x0b@\\xf9\\xf3S\\xc2\\xa8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\xf3S\\xbc\\xa9\\xf5[\\x01\\xa9\\xf7c\\x02\\xa9\\xf9\\x1b\\x00\\xf9\\xfb\\x1f\\x00\\xf9\\xfd{\\xb9\\xa9\\xfd\\x03\\x00\\x910\\x00\\x80\\x92\\xf4\\x03\\x00\\xaa\\xb0+\\x00\\xf9H\\x15\\x00\\x90\\x00\\xd9\\x1d\\x91\\xb4\\x0b\\x00\\xf9\\xb4#\\x00\\xf9\\xf3\\x03\\x01\\xaa\\xf9\\x03\\x02\\xaaj\\x8b\\x05\\x94\\xa8#@\\xf9\\x98B\\x00\\x91\\x00\n\\x80\\xd2\\x88\\x02\\x00\\xf9\\x9f\n\\x00\\xb9\\x1f\\x7f\\x00\\xa9\\x85\\x87\\x05\\x94\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xb8\\xa9\\xfd\\x03\\x00\\x910\\x00\\x80\\x92\\xf3\\x03\\x00\\xaa\\xb0\\x0f\\x00\\xf9\\xc8\\x14\\x00\\x90\\x00=\\x10\\x91\\xf6\\x03\\x01\\xaa\\x9aK\\x05\\x94h\\x02@9\\x1f\\x05\\x00q\\xc1\\x03\\x00Tu\\x06@\\xf9\\xb4\\x02@\\xf9\\x93\\x06@\\xf9hf\\xc09\\x88\\x01\\x005\\xe1\\x03\\x16\\xaa`\\x82\\x00\\x91\\x83\\xb3\\xfe\\x97\\x08\\x1c\\x00Sh\\x00\\x004s\n@\\xf9\\x03\\x00\\x00\\x14\\xf4\\x03\\x13\\xaas\\x02@\\xf9hf\\xc09\\xc8\\xfe\\xff4\\x88f\\xc09\\xc8\\x00\\x005\\x81\\x82\\x00\\x91\\xe0\\x03\\x16\\xaav\\xb3\\xfe\\x97\\x08\\x1c\\x00SH\\x00\\x004\\xb4\\x02@\\xf9\\x80\\x02\\x01\\x91\\xfd{\\xc8\\xa8\\xf5[A\\xa9\\xf3S\\xc2\\xa8\\xc0\\x03_\\xd6\\xe0\\x03\\x13\\xaa\\x10\\xa4\\xfe\\x97\\xa2C\\x00\\x91\\xa0\\x0b\\x00\\xf9\\xa0c\\x01\\x91B\\xac\\xfe\\x97\\xe2\\x03\\x00\\xaa!&\\x80R\\xa0\\x83\\x00\\x91x\\xac\\xfe\\x97\\xa8\\x12\\x00\\xf0\\x01\\x819\\x91\\xa0\\x83\\x00\\x91\\x8aQ\\x05\\x94\\x00\\x00>\\xd4\\xf3S\\xbf\\xa9\\xfd{\\xbe\\xa9\\xfd\\x03\\x00\\x910\\x00\\x80\\x92\\xf3\\x03\\x00\\xaa\\xb0\\x0b\\x00\\xf9\\xc8\\x14\\x00\\x90\\x00=\\x10\\x91\\xf4\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x80R\\xe0\\x03\\x14\\xaa$\\xfd\\x04\\x94\\x10\\xe4\\x00Ou\t\\x005\\xd4\\x02@\\xf9P\\x03\\x80=_\\x7f\\x01\\xa9\\x88\\x02@\\xf9\\x17\r@\\xf9\\xa8\r\\x00\\xb0\\x13\\x81\\x12\\x91\\xe8\\x03\\x13\\xaa\t\\x1d\\xc08\\xe9\\xff\\xff5\\x15\\x01\\x13\\xcb\\x08\\x00\\xf0\\x92\\xbf\\x02\\x08\\xeb(\\x19\\x00T\\xbf>\\x00\\xf1H\\x01\\x00T\\xe8\\x01\\x80\\xd2\\xe2\\x03\\x15\\xaaU#\\x01\\xa9\\xe1\\x03\\x13\\xaa\\xe0\\x03\\x1a\\xaa\\xb0\\xd3\\x05\\x94\\xe8\\x03\\x1a\\xaa\\xbfj(8\\x19\\x00\\x00\\x14\\xa9\\x0e@\\xb2?\\x01\\x08\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x18\\x00\\xf0\\x92\\xa1\\x07\\x05\\x94\\xf6\\x03\\x00\\xaa\n\\x00\\x00\\x14?Y\\x00\\xf1\\xc8\\x02\\x80\\xd2\\x181\\x89\\x9a\\x00\\x07\\x00\\x91\\x80\\x00\\x00\\xb4\\x99\\x07\\x05\\x94\\xf6\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x16\\x00\\x80\\xd2\\xe2\\x03\\x15\\xaaV\\x03\\x00\\xf9\\xe1\\x03\\x13\\xaaUc\\x01\\xa9\\xe0\\x03\\x16\\xaa\\x96\\xd3\\x05\\x94\\xbfj68\\xe4\\x03\\x1a\\xaa\\x03\\x00\\x80\\xd2\\xc2\\x00\\x80R\\xe1\\xc3\\x92R\\x81l\\xa4r@\\x03\\x01\\x91\\xe0\\x9e\\xfe\\x97\\xe1\\x03\\x00\\xaa\\xe0\\x03\\x14\\xaa\\xef\\x03\\x17\\xaa\\xd1\\x0c"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x03\\xd55\\xe9\\xfd\\x97\\x1f \\x03\\xd53\\xe9\\xfd\\x97\\x00\\x00>\\xd4\\x00\\x00\\x00\\x00\\xf3S\\xbc\\xa9\\xf5[\\x01\\xa9\\xf7c\\x02\\xa9\\xf9\\x1b\\x00\\xf9\\xfb\\x1f\\x00\\xf9\\xfd{\\xb8\\xa9\\xfd\\x03\\x00\\x910\\x00\\x80\\x92\\xa1'\\x00\\xf9\\xf8\\x03\\x00\\xaa\\xb0;\\x00\\xf9\\xc8\\x13\\x00\\x90\\x001\\x1f\\x91\\xa4C\\x009\\xf7\\x03\\x01\\xaa\\xf6\\x03\\x03\\xaa\\xa5\\xdf\\x05\\xa9\\x8b\\xcb\\x04\\x94\\x1f \\x03\\xd5\\x15C\\x01\\x91\\xe0\\x03\\x15\\xaa\\xb5?\\x00\\xf9\\x08\\xbd\\x04\\x94\\x80\\x17\\x005\\xa9N@\\xb9\\x08\\x00\\xb0\\x12?\\x01\\x08k@\\x17\\x00T\\xd4\"@\\xa9\\xa87\\x00\\xf9(\r\\x00\\xd0\\x1bA\\x14\\x91(\r\\x00\\xd0\\x16a\\x13\\x91\\xa87@\\xf9\\x9f\\x02\\x08\\xeb@\\x14\\x00T\\x80\\x02@\\xf9\\x08\\x00@\\xf9\\x08!@\\xf9\\xef\\x03\\x08\\xaaQ\\x0c\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x08\\x1c\\x00S\\x88\\x08\\x005\\xa2C@9\\xe1\\x03\\x14\\xaa\\xe0\\x03\\x18\\xaa\\\\xf9\\xff\\x97\\xa8/@\\xf9\\x08\\x01@\\xf9\\xa8+\\x00\\xf9\\xc8\\x11\\x00\\xb4\\x08\\x01@\\xf9\\x10\\xe4\\x00O\\xbf\\x7f\\x03\\xa9\\xb0\\x0b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x80=K5\\xfe\\x97\\xf7\\x03\\x00\\xaa\\xa8\\x0c\\x00\\xd0\\x13\\xc1\\x1b\\x91\\x10\\xe4\\x00O_\\x7f\n\\xa9\\xe8\\x03\\x13\\xaaP'\\x80=\t\\x1d\\xc08\\xe9\\xff\\xff5\\x16\\x01\\x13\\xcb\\x08\\x00\\xf0\\x92V\\x1b\\x00\\xf9\\xdf\\x02\\x08\\xeb\\xe8\"\\x00T\\xdf>\\x00\\xf1\\xa8\\x01\\x00T\\xdf>\\x00\\xf1\\xd6\\x92\\x9f\\x9a\\x9f\"\\x03\\xd5\\xe8\\x01\\x80\\xd2\\xe2\\x03\\x16\\xaaV#\n\\xa9\\xe1\\x03\\x13\\xaa@C\\x02\\x91\\xb0S\\x05\\x94HC\\x02\\x91\\xdfj(8\\x1d\\x00\\x00\\x14\\xdf>\\x00\\xf1\\xd6\\x82\\x9f\\x9a\\x9f\"\\x03\\xd5\\xc9\\x0e@\\xb2?\\x01\\x08\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x19\\x00\\xf0\\x92\\x9e\\x87\\x04\\x94\\xfb\\x03\\x00\\xaa\n\\x00\\x00\\x14?Y\\x00\\xf1\\xc8\\x02\\x80\\xd2\\x191\\x89\\x9a \\x07\\x00\\x91\\x80\\x00\\x00\\xb4\\x96\\x87\\x04\\x94\\xfb\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x1b\\x00\\x80\\xd2V\\x1b@\\xf9\\xe1\\x03\\x13\\xaa[K\\x00\\xf9\\xe0\\x03\\x1b\\xaa\\xe2\\x03\\x16\\xaaVg\n\\xa9\\x92S\\x05\\x94\\x7fk68\\xe3\\x03\\x17\\xaa\\xe2\\x03\\x14\\xaaAC\\x02\\x91@\\xc3\\x02\\x91\\xc0;\\xfe\\x97\\x1f \\x03\\xd5HW"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x91\\xf4\\x03\\x00\\xaa\\xc8\\x12\\x00\\x90\\x00\\x89\\x1d\\x91\\xf3\\x03\\x01\\xaa\\x9dK\\x04\\x94\\x88\\x12@\\xf9\\x7f~\\x00\\xa9\\xc8\\x00\\x00\\xb4\t!\\x00\\x91(}_\\x88\\x08\\x05\\x00\\x11(}\\x11\\x88\\xb1\\xff\\xff5\\x89\\xa2A\\xa9\\xe0\\x03\\x13\\xaai\"\\x00\\xa9\\xfd{\\xc1\\xa8\\xf3S\\xc1\\xa8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91\\xc8\\x0b\\x00\\xb0\\x08\\x01;\\x91\\xf3\\x03\\x00\\xaah\\x02\\x00\\xf9a\\x00\\x006\\x01\\x07\\x80\\xd2\\xa3G\\x04\\x94\\xe0\\x03\\x13\\xaa\\xfd{\\xc1\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6\\xfd{\\xbb\\xa9\\xf3S\\x01\\xa9\\xf5[\\x02\\xa9\\xf7c\\x03\\xa9\\xf9k\\x04\\xa9\\xfd\\x03\\x00\\x91\\xec`\\xfd\\x97\\xff\\x03\\x02\\xd1\\xfa\\x03\\x00\\x910\\x00\\x80\\x92P+\\x00\\xf9\\xf3\\x03\\x00\\xaa@\\x03\\x00\\xf9\\xc8\\x12\\x00\\x90\\x001\\x1f\\x91S\\x03\\x00\\xf9\\xf4\\x03\\x01\\xaa\\xf8\\x03\\x02\\xaa\\xf6\\x03\\x03\\xaa\\xf9\\x03\\x04\\xaa\\xf7\\x03\\x05\\xaa\\xf5\\x03\\x06\\xaahK\\x04\\x94\\xe0\\x03\\x14\\xaa\\xca\\xf1\\xfd\\x97\\x08\\x1c\\x00S\\xc8\\x06\\x005\\xe0\\x03\\x18\\xaa\\xc6\\xf1"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-06-28 21:56:16,324",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-06-28 21:56:16,340",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x004\\x88\\xc2A9\\x81\\xe2\\x01\\x91`\"\\x00\\x91h\\x02\\x009\\x88\\xc6A9h\\x06\\x009\\x156\\xfd\\x97\\x88\\xba@\\xb9hJ\\x00\\xb9(\\x00\\x80RhB\\x019\\xe0\\x03\\x13\\xaa\\xfd{\\xc2\\xa8\\xf3S\\xc1\\xa8\\xc0\\x03_\\xd6\\xf3S\\xbc\\xa9\\xf5[\\x01\\xa9\\xf7c\\x02\\xa9\\xf9\\x1b\\x00\\xf9\\xfb\\x1f\\x00\\xf9\\xfd{\\xba\\xa9\\xfd\\x03\\x00\\x91\\xa0\\x0b\\x00\\xf9\\xf4\\x03\\x00\\xaaH\\x12\\x00\\x90\\x00\\xd9\\x1d\\x910\\x00\\x80\\x92\\xf3\\x03\\x01\\xaa\\xb0S\\x04\\xa9\\x84\\x0b\\x04\\x94h\\x02@\\xf9\\x99B\\x00\\x91\\x00\n\\x80\\xd2\\x88\\x02\\x00\\xf9h\n@\\xb9\\x88\n\\x00\\xb9?\\x7f\\x00\\xa9\\x9e\\x07\\x04\\x94\\x00\\x00\\x00\\xa9 \\x03\\x00\\xf9\\x9f~\\x02\\xa9\\x9f\\x1a\\x00\\xf9h\\x1e@\\xf9\\x80\\x82\\x00\\x91\\x88\\x1e\\x00\\xf9h\"@\\xf9\\x88\"\\x00\\xf9h&B\\xa9\"\\x03@\\xf9(\\x01\\x08\\xcb\\x01\\xfdC\\x93\\xd0.\\xfd\\x97x\n@\\xf9\\x13\\x03@\\xf9\\x7f\\x02\\x18\\xeb\\xe0\\x07\\x00T{\t\\x00Xh\\x16@\\xf9aB\\x00\\x91\\x1f=\\x00\\xf1I\\x00\\x00Ta\n@\\xf9b\\x12@\\xf9\\x1a\\x97"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-06-28 21:56:16,340",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-06-28 21:56:16,340",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x0f\\x91@\\xc3\\x08\\x91\\x08\r@\\xf9H\\xdb\\x00\\xf9(\\x0b\\x00\\xd0\\x02A\\x14\\x916\\xef\\xfc\\x97\\xe1\\x03\\x00\\xaa@\\xcb@\\xf9H\\xdb@\\xf9\\xef\\x03\\x08\\xaaQ\n\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5H'A\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\x1bA\\xf9\\x01\\x05\\x00\\x91\\xad\\xc7\\x03\\x94\\x10\\xe4\\x00O\\xe8\n\\x00\\xd0\\x01\\x81&\\x91\\x02\\x00\\x80\\xd2QC\n\\x91?~\\x00\\xa9@\\x03\n\\x91P_\\x80=\\x10\\xe4\\x00OP\\xa3\\x80=H\\xe9\\xfc\\x97\\x1f \\x03\\xd5@\\x13@\\xf9A\\x03\\x05\\x91\\x16S\\xfe\\x97\\xe7\\x03\\x00\\xaaF#@\\xf9H\\x03\n\\x91D\\xdbA\\xf9E\\xc3\r\\x91\\xe8\\x03\\x00\\xf9CC\r\\x91\\xe2\\x03\\x19\\xaaA\\xc3\\x07\\x91@\\xc3\\x05\\x91\\xad/\\x02\\x94\\x1f \\x03\\xd5H\\xaf@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\xa3@\\xf9\\x01\\x05\\x00\\x91\\x8c\\xc7\\x03\\x94_W\\x15\\xa9_\\x03\\x059HOA\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@CA\\xf9\\x01\\x05\\x00\\x91\\x84\\xc7\\x03\\x94A\\xa3]\\xa9QC"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00TS\\x05\\x00\\xf9\\xb5\\x02@\\xf9\\xbf\\x02\\x19\\xeb\\xc1\\xe7\\xffTW'@\\xf9\\xf3\\x01\\x80\\xd2YW@\\xf9@_@\\xf9\\x00\\x01\\x00\\xb4Hg@\\xf9\\x08\\x01\\x00\\xcb\\x01\\xf1}\\x92\\xb5\\x87\\x03\\x94YW@\\xf9_\\xff\\x0b\\xa9_g\\x00\\xf9(\\x07@\\xf9\\x1f\\x01\\x00\\xf95\\x03@\\xf9\\xf5\\x01\\x00\\xb4\\xa8\\x16@\\xf9\\xb9\\x02@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T\\xa0\n@\\xf9\\x01\\x05\\x00\\x91\\xa7\\x87\\x03\\x94\\x01\\x06\\x80\\xd2\\xbfN\\x02\\xa9\\xe0\\x03\\x15\\xaa\\xbfB\\x009\\xa2\\x87\\x03\\x94\\xf5\\x03\\x19\\xaay\\xfe\\xff\\xb5@W@\\xf9\\x01\\x06\\x80\\xd2\\x9d\\x87\\x03\\x94\\xf7\\x02@\\xf9H+@\\xf9\\xff\\x02\\x08\\xeb\\x81\\xe0\\xffTT\\x1f@\\xf9A\\x83\\x01\\x91@\\x83\\x02\\x91\\xfd0\\xfd\\x97_s\\x00\\xf9A\\x83\\x02\\x91\\xe0\\x03\\x14\\xaa\\x7f\\xb3\\xfd\\x97\\x9f~\\x04\\xa9@\\x83\\x02\\x91\\xce\\xa7\\xfc\\x97\\x1f \\x03\\xd5@?@\\xf9\\xe0\\x00\\x00\\xb4HG@\\xf9\\x08\\x01\\x00\\xcb\\x01\\xf1}\\x92\\x87\\x87\\x03\\x94_\\xff\\x07\\xa9_G\\x00\\xf9I7@\\xf9(\\x05@\\xf9\\x1f\\x01"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x80\\xd2\\xe2\\x03\\x18\\xaaX#\\x01\\xa9\\xe1\\x03\\x16\\xaa\\xe0\\x03\\x1a\\xaa\\xc5\\x13\\x04\\x94\\xe8\\x03\\x1a\\xaa\\x1fk(8\\x19\\x00\\x00\\x14\t\\x0f@\\xb2?\\x01\\x08\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x15\\x00\\xf0\\x92\\xb6G\\x03\\x94\\xf9\\x03\\x00\\xaa\n\\x00\\x00\\x14?Y\\x00\\xf1\\xc8\\x02\\x80\\xd2\\x151\\x89\\x9a\\xa0\\x06\\x00\\x91\\x80\\x00\\x00\\xb4\\xaeG\\x03\\x94\\xf9\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x19\\x00\\x80\\xd2\\xe2\\x03\\x18\\xaaY\\x03\\x00\\xf9\\xe1\\x03\\x16\\xaaXW\\x01\\xa9\\xe0\\x03\\x19\\xaa\\xab\\x13\\x04\\x94\\x1fk98h\n\\x00\\x90\\x01\\x81?\\x91\\x10\\xe4\\x00O_\\x7f\\x04\\xa9\\xe8\\x03\\x01\\xaaP\\x0f\\x80=\t\\x1d\\xc08\\xe9\\xff\\xff5\\x02\\x01\\x01\\xcb@\\xc3\\x00\\x91=i\\xfc\\x97\\x1f \\x03\\xd5\\xe4\\x03\\x1a\\xaaC\\xc3\\x00\\x91\\xc2?\\x80RA\\x00\\x80R\\xe0\\x92\\x84R\\x80\\xc7\\xa3rK\\xf2\\x01\\x94\\x1f \\x03\\xd5H'@\\xf9\\x1f=\\x00\\xf1\\xa9\\x00\\x00T@\\x1b@\\xf9\\x01\\x05\\x00\\x91\\x88G\\x03\\x94\\x1f \\x03\\xd5H\\x0f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\x03@\\xf9\\x01\\x05"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x08\\xeb\\x08\\x0b\\x00T\\xdf>\\x00\\xf1\\xa8\\x00\\x00TVo\\x05\\xa9\\x90\\x02\\xc0=P\\x13\\x80=\\x16\\x00\\x00\\x14\\xc9\\x0e@\\xb2?\\x01\\x08\\xeb\\xa9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x13\\x00\\xf0\\x92\\xb7\\x07\\x03\\x94\t\\x00\\x00\\x14?Y\\x00\\xf1\\xc8\\x02\\x80\\xd2\\x131\\x89\\x9a`\\x06\\x00\\x91`\\x00\\x00\\xb4\\xb0\\x07\\x03\\x94\\x02\\x00\\x00\\x14\\x00\\x00\\x80\\xd2\\xc2\\x06\\x00\\x91@#\\x00\\xf9\\xe1\\x03\\x14\\xaaVO\\x05\\xa9\\xaf\\xd3\\x03\\x94\\x1f \\x03\\xd5S\\x13@\\xf9\\xe7\\x03\\x1a\\xaaF\\x03\\x01\\x91\\xe5\\x03\\x17\\xaaD\\x03\\x07\\x91\\xe0\\x03\\x13\\xaa\\xe3\\x03\\x18\\xaa\\xe2\\x03\\x15\\xaa!C\\x00\\x91t\\x84\\xfd\\x97\\x1f \\x03\\xd5H3@\\xf9\\x10\\xe4\\x00O@\\x17@\\xf9\\x10\\x01\\x80=\\x13\\x01\\x00\\xa9H\\x07A\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\xfb@\\xf9\\x01\\x05\\x00\\x91\\x90\\x07\\x03\\x94H\\xf7@\\xf9Q\\x03\\x08\\x91?n\\x00\\xa9_\\xc3\\x079\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\xeb@\\xf9\\x01\\x05\\x00\\x91\\x87\\x07\\x03\\x94@\\xe7@\\xf9_o\\x1e\\xa9_C\\x079`\\x00\\x00\\xb4p("
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x13\\xcb\\xbf\\x02\\x14\\xeb\\xc8#\\x00T\\xbf>\\x00\\xf1(\\x01\\x00T\\xe2\\x03\\x15\\xaaUg\\x03\\xa9\\xe1\\x03\\x13\\xaa@\\x83\\x00\\x91\\xc1\\x93\\x03\\x94H\\x83\\x00\\x91\\xbfj(8\\x19\\x00\\x00\\x14\\xa9\\x0e@\\xb2?\\x01\\x14\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x14\\x00\\xf0\\x92\\xb2\\xc7\\x02\\x94\\xf6\\x03\\x00\\xaa\n\\x00\\x00\\x14?Y\\x00\\xf1\\xc8\\x02\\x80\\xd2\\x141\\x89\\x9a\\x80\\x06\\x00\\x91\\x80\\x00\\x00\\xb4\\xaa\\xc7\\x02\\x94\\xf6\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x16\\x00\\x80\\xd2\\xe2\\x03\\x15\\xaaV\\x13\\x00\\xf9\\xe1\\x03\\x13\\xaaUS\\x03\\xa9\\xe0\\x03\\x16\\xaa\\xa7\\x93\\x03\\x94\\xbfj68\\xe2\\x03\\x1a\\xaaA\\x83\\x00\\x91\\xe0\\x03\\x18\\xaa\\xef\\x03\\x17\\xaaQ\\x08\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5H\\x1f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\x13@\\xf9\\x01\\x05\\x00\\x91\\x8f\\xc7\\x02\\x94_g\\x03\\xa9_\\x83\\x009H\\x0f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\x03@\\xf9\\x01\\x05\\x00\\x91\\x87\\xc7\\x02\\x944\\x00\\x80R\\xcf\\x00\\x00\\x14WO@\\xf9\\xb7\\x06\\x00\\xb5\\xe8\\x08"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x049h\\x82@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T`v@\\xf9\\x01\\x05\\x00\\x91\\xbc\\x87\\x02\\x94\\x7f\\xd2\\x0f\\xa9\\x7f\\xa2\\x039`b@\\xf9\\xe0\\x00\\x00\\xb4hj@\\xf9\\x08\\x01\\x00\\xcb\\x01\\xf1}\\x92\\xb4\\x87\\x02\\x94\\x7f~\\x0c\\xa9\\x7fj\\x00\\xf9aZ@\\xf9&\\xa7\\xfb\\x97`Z@\\xf9\\x01\n\\x80\\xd2\\xad\\x87\\x02\\x94hR@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T`F@\\xf9\\x01\\x05\\x00\\x91\\xa7\\x87\\x02\\x94\\x7f\\xd2\t\\xa9\\x7f\"\\x029hB@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T`6@\\xf9\\x01\\x05\\x00\\x91\\x9f\\x87\\x02\\x94\\x7f\\xd2\\x07\\xa9\\x7f\\xa2\\x019h*@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T`\\x1e@\\xf9\\x01\\x05\\x00\\x91\\x97\\x87\\x02\\x94\\x7f\\xd2\\x04\\xa9\\x7f\\xe2\\x009h\\x1a@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T`\\x0e@\\xf9\\x01\\x05\\x00\\x91\\x8f\\x87\\x02\\x94\\x7f\\xd2\\x02\\xa9\\x7fb\\x009`\n@\\xf9@\\x00\\x00\\xb4x\\xa8\\xfb\\x97\\xfd{\\xc1\\xa8\\xf3S\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbc\\xa9\\xf3S\\x01\\xa9\\xf5[\\x02\\xa9\\xf7c\\x03\\xa9\\xfd\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x02\\x94_\\x03\\x00\\xf9S/@\\xf9\\xf3\\x01\\x00\\xb4`b\\x00\\x91\\xa5\\xc8\\xfb\\x97\\x08\\x00\\x80\\x12\n\\xfc_\\x88I\\x01\\x08\\x0b\t\\xfc\\x11\\x88\\xb1\\xff\\xff5H\\x05\\x00Q\\xc8\\x05\\x005\\xbf;\\x03\\xd5h\\xf3\\x02\\x94\\xe2\\x03\\x13\\xaa\\x01\\x00\\x80Rb\\xf3\\x02\\x94_\\x03\\x00\\xf9\\xc3\\xe2\\x00\\x91\\xe2\\x03\\x1a\\xaaA\\xa3\\x02\\x91@\\xc3\\x02\\x91W\\xca\\xff\\x97\\x1f \\x03\\xd5H\\x03@\\xf9h\\x00\\x00\\xb4\\xe0\\x03\\x1a\\xaa\\xb0\\xcc\\xfb\\x97@[@\\xf9\\x9f~\\x00\\xa9\\x80\n\\x00\\xf9\\xa0\\x01\\x00\\xb4\\x08\\x00@\\xf9\\x08\\x05@\\xf9\\xef\\x03\\x08\\xaaQ\\x07\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6H[@\\xf9\\x88\\x00\\x00\\xb4@\\xc3\\x02\\x91\\xa1\\xcc\\xfb\\x97\\x1f \\x03\\xd5HW@\\xf9\\x88\\x00\\x00\\xb4@\\xa3\\x02\\x91\\x9c\\xcc\\xfb\\x97\\x1f \\x03\\xd5HS@\\xf9h\\x00\\x00\\xb4@\\x83\\x02\\x91\\x97\\xcc\\xfb\\x97\\xe0\\x03\\x14\\xaa\\x06\\x00\\x00\\x14H\\x02\\xf87\\xc8\\xff\\xff\\x17H\\x02\\xf87\\xd7\\xff\\xff\\x17@+@\\xf9\\xff\\x03\\x03\\x91\\xe0`\\xfb\\x97\\xfb+@\\xf9\\xf9k"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00T@;@\\xf9\\x08\\x05\\x00\\x91\\x01\\xf9\\x7f\\xd3\\xbe\\x07\\x02\\x94WSK\\xa9\\x17\\x1c\\x00\\xb4\\xff\\x02\\x14\\xeb@\\x02\\x00T\\xf7b\\x00\\x91\\xfb\\x00\\x80\\xd2\\xe8\\x02@\\xf9\\x1f\\x1d\\x00\\xf1\\xa9\\x00\\x00T\\xe0\\x82^\\xf8\\x08\\x05\\x00\\x91\\x01\\xf9\\x7f\\xd3\\xb1\\x07\\x02\\x94\\xe8b\\x00\\xd1\\xff\\x82\\x1f\\xf8\\xfb\\x06\\x02\\xf8\\x1f\\x01\\x00y\\xe8b\\x00\\xd1\\x1f\\x01\\x14\\xeba\\xfe\\xffTW[@\\xf9Hc@\\xf9\\xc7\\x00\\x00\\x14A\\xc3\\x01\\x91\\xef\\x03\\x08\\xaa\\xd1\\x06\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5WSG\\xa9\\xff\\x02\\x14\\xeb\\x00\\x15\\x00TT\\x17\\x00\\xf9S[\\x00\\xf9\\xc0\\x02@\\xf9\\xe2\\x03\\x17\\xaaA#\\x03\\x91\\x08\\x00@\\xf9\\x08\\x15@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x06\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5S\\xd3L\\xa9\\x7f\\x02\\x14\\xeb \\x0f\\x00T_\\x07\\x009\\xfb\\x1f\\x00S_\\x0b\\x009\\xf9\\x1f\\x00S\\xe1\\x03\\x17\\xaa@C\\x02\\x91\\x14\\xe5\\xfd\\x97\\x1f \\x03\\xd5\\x08\\x08\\x00\\x90\\x01\\x81%\\x91\\xe2\\x03"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-06-28 21:56:16,355",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00T@\\x05\\x00T\\xc4\\x04\\x004H\\xdc\\x85R\\x9f\\x00\\x08k\\xa0\\x00\\x00T\\xe8\\xdc\\x85R\\x9f\\x00\\x08k\\x00\t\\x00T\\xf0\\x00\\x00\\x14\\x88\\x07\\x00\\xb0\\x05A\\x19\\x91\\xa3\\x02\\x80R\\x82\\x00\\x80R!Q\\x90R!p\\xa4r\\xe0\\x03\\x17\\xaa\\x996\\xfc\\x97\\xf3\\x03\\x00\\xaai\\x02@9a\"\\x00\\x91\\xe8\\xa2B9\\xe9b\\x019\\x08\\x01\\x004h\\x06@9\\xe0\\x82\\x01\\x91\\xe8f\\x019{\\x1f\\xfb\\x97hJ@\\xb9\\xe8\\xa2\\x00\\xb9\t\\x00\\x00\\x14h\\x06@9\\xe0\\x82\\x01\\x91\\xe8f\\x0190\\x99\\xfb\\x97hJ@\\xb9\\xe8\\xa2\\x00\\xb9(\\x00\\x80R\\xe8\\xa2\\x029+\\x01\\x00\\x14\\xe0\\x03\\x16\\xaak\\x01\\x00\\x949\\x01\\x00\\x14\\x88\\x07\\x00\\xb0\\x05\\xe1\\x1f\\x91\\xc3\\x00\\x80Rb\\x00\\x80R\\xe1 \\x80R!p\\xa4r\\xe0\\x03\\x17\\xaax6\\xfc\\x97\\xf3\\x03\\x00\\xaai\\x02@9a\"\\x00\\x91\\xe8\\xa2B9\\xe9b\\x019\\x08\\x01\\x004h\\x06@9\\xe0\\x82\\x01\\x91\\xe8f\\x019Z\\x1f\\xfb\\x97hJ@\\xb9\\xe8\\xa2\\x00\\xb9\t\\x00\\x00\\x14h\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x05\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xe1\\x03\\x00\\xaa\\x80B\\x04\\x91\\xee\\xfb\\xff\\x97\\x13\\x00\\x13*\\x08\\x0f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T\\x00\\x03@\\xf9\\x01\\x05\\x00\\x91\\xb3\\x87\\x01\\x94\\xa0\\x02@\\xf9\\xe1\\x03\\x18\\xaa\\x08\\x00@\\xf9\\x08A@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x05\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xe1\\x03\\x00\\xaa\\x80B\\x02\\x91\\xdb\\xfb\\xff\\x97\\x13\\x00\\x13*\\x08\\x0f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T\\x00\\x03@\\xf9\\x01\\x05\\x00\\x91\\xa0\\x87\\x01\\x94\\xa0\\x02@\\xf9\\xe1\\x03\\x18\\xaa\\x08\\x00@\\xf9\\x08q@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x05\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xe1\\x03\\x00\\xaa\\x80B\\x05\\x91\\xc8\\xfb\\xff\\x97\\x13\\x00\\x13*\\x08\\x0f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T\\x00\\x03@\\xf9\\x01\\x05\\x00\\x91\\x8d\\x87\\x01\\x94\\xa0\\x02@\\xf9\\xe1\\x03\\x18\\xaa\\x08\\x00@\\xf9\\x081@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x05\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xe1\\x03\\x00\\xaa\\x80\\xa2"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "@\\xa9\\x1f\\x01\t\\xeb\\xa1\\x0b\\x00T\\xa8\\x06\\x00\\x90\\x13A\\x0e\\x91\\x10\\xe4\\x00O\\xe8\\x03\\x13\\xaaP\\x03\\x80=\t\\x1d\\xc08\\xe9\\xff\\xff5\\x16\\x01\\x13\\xcb\\x08\\x00\\xf0\\x92\\xdf\\x02\\x08\\xebH\\x1f\\x00T\\xdf>\\x00\\xf1(\\x01\\x00T\\xe2\\x03\\x16\\xaaVS\\x01\\xa9\\xe1\\x03\\x13\\xaa\\xe0\\x03\\x1a\\xaa\\xb6\\x13\\x02\\x94\\xe8\\x03\\x1a\\xaa\\xdfj(8\\x19\\x00\\x00\\x14\\xc9\\x0e@\\xb2?\\x01\\x08\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x17\\x00\\xf0\\x92\\xa7G\\x01\\x94\\xf8\\x03\\x00\\xaa\n\\x00\\x00\\x14?Y\\x00\\xf1\\xc8\\x02\\x80\\xd2\\x171\\x89\\x9a\\xe0\\x06\\x00\\x91\\x80\\x00\\x00\\xb4\\x9fG\\x01\\x94\\xf8\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x18\\x00\\x80\\xd2\\xe2\\x03\\x16\\xaaX\\x03\\x00\\xf9\\xe1\\x03\\x13\\xaaV_\\x01\\xa9\\xe0\\x03\\x18\\xaa\\x9c\\x13\\x02\\x94\\xdfj88\\xe3\\x03\\x1a\\xaa\\x02\\x00\\x80R\\xe1\\x8b\\x84R\\x81\\xc7\\xa3r\\xe0\\x03\\x15\\xaa\\x87\\xf6\\xff\\x97H\\x0f@\\xf9\\x1f=\\x00\\xf1\\xa9\\x00\\x00T@\\x03@\\xf9\\x01\\x05\\x00\\x91\\x87G\\x01\\x94\\x1f \\x03\\xd5@sA\\xf9\\xe0\\x00\\x00\\xb4H{A\\xf9\\x01\\x01"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x91\\xc1\\x07\\x01\\x94(\\x06\\x00\\xd0\\x13\\xe1$\\x91\\x10\\xe4\\x00O_\\x7f\\x01\\xa9\\xe8\\x03\\x13\\xaaP\\x03\\x80=\t\\x1d\\xc08\\xe9\\xff\\xff5\\x15\\x01\\x13\\xcb\\xbf\\x02\\x14\\xeb\\x087\\x00T\\xbf>\\x00\\xf1(\\x01\\x00T\\xe2\\x03\\x15\\xaaUc\\x01\\xa9\\xe1\\x03\\x13\\xaa\\xe0\\x03\\x1a\\xaa\\xb7\\xd3\\x01\\x94\\xe8\\x03\\x1a\\xaa\\xbfj(8\\x18\\x00\\x00\\x14\\xa8\\x0e@\\xb2\\x1f\\x01\\x14\\xeb\\xc9\\x00\\x00T\\x00\\x00\\xf0\\xd2\\x17\\x00\\xf0\\x92\\xa8\\x07\\x01\\x94\\xfb\\x03\\x00\\xaa\t\\x00\\x00\\x14\\x1fY\\x00\\xf173\\x88\\x9a\\xe0\\x06\\x00\\x91\\x80\\x00\\x00\\xb4\\xa1\\x07\\x01\\x94\\xfb\\x03\\x00\\xaa\\x02\\x00\\x00\\x14\\x1b\\x00\\x80\\xd2\\xe2\\x03\\x15\\xaa[\\x03\\x00\\xf9\\xe1\\x03\\x13\\xaaU_\\x01\\xa9\\xe0\\x03\\x1b\\xaa\\x9e\\xd3\\x01\\x94\\xbfj;8(\\x06\\x00\\xd0\\x02A%\\x91\\xe1\\x03\\x1a\\xaa@C\\x02\\x91l^\\x00\\x94\\x1f \\x03\\xd5H\\x0f@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\x03@\\xf9\\x01\\x05\\x00\\x91\\x89\\x07\\x01\\x94(\\x06\\x00\\xd0\\x02\\xa1$\\x91_W\\x00\\xf9AC\\x02\\x91@\\xa3\\x02\\x91#^\\x00\\x94(\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xa3r%b\\xfb\\x97h\n@\\xf9h\\x13\\x00\\xb4\\xa0\\x02@\\xf9Ac\\x01\\x91\\x08\\x00@\\xf9\\x08!@\\xf9\\xef\\x03\\x08\\xaaQ\\x04\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5\\x08\\x0c@\\xf9\\xf7\\x03\\x00\\xaa\\x1f=\\x00\\xf1I\\x00\\x00T\\x17\\x00@\\xf9\\xa0\\x02@\\xf9A\\xe3\\x00\\x91\\x08\\x00@\\xf9\\x08Y@\\xf9\\xef\\x03\\x08\\xaaQ\\x04\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5\\x08\\x0c@\\xf9\\xf6\\x03\\x00\\xaa\\x1f=\\x00\\xf1I\\x00\\x00T\\x16\\x00@\\xf9\\xa0\\x02@\\xf9Ac\\x00\\x91\\x08\\x00@\\xf9\\x08Q@\\xf9\\xef\\x03\\x08\\xaaQ\\x04\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\x1f \\x03\\xd5\\x08\\x0c@\\xf9\\x1f=\\x00\\xf1I\\x00\\x00T\\x00\\x00@\\xf9\\xa8\\x05\\x00\\xf0\\x01\\x017\\x91\\xe2\\x03\\x00\\xaa\\xe4\\x03\\x17\\xaa\\xe3\\x03\\x16\\xaa@\\x83\\x04\\x91\\x88\\xe5\\xf9\\x97\\x1f \\x03\\xd5H\\x1b@\\xf9\\x1f=\\x00\\xf1\\x89\\x00\\x00T@\\x0f@\\xf9\\x01\\x05\\x00\\x91\\x85\\xc7\\x00\\x94\\xf5\\x01\\x80\\xd2_c\\x009_\\xd7"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xc2\\xa8\\xc0\\x03_\\xd6\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbe\\xa9\\xfd\\x03\\x00\\x910\\x00\\x80\\x92\\xf3\\x03\\x00\\xaa\\xb0\\x0b\\x00\\xf9H\\x0b\\x00\\x90\\x00\\xbd\\x1f\\x91\\x98\\x8b\\x00\\x94`\\x02@\\xf9 \\x01\\x00\\xb4\\x7f\\x02\\x00\\xf9\\x08\\x00@\\xf9\\x08\t@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x03\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xfd{\\xc2\\xa8\\xf3\\x07A\\xf8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3S\\xbe\\xa9\\xf5[\\x01\\xa9\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91H\\x0b\\x00\\x90\\x00a\\x1f\\x91\\xf6\\x03\\x02\\xaa\\xf5\\x03\\x03*\\xf4\\x03\\x04*\\xf3\\x03\\x05\\xaa~\\x8b\\x00\\x94\\xe5\\x03\\x13\\xaa\\xe4\\x03\\x14*\\xe3\\x03\\x15*\\xe2\\x03\\x16\\xaah\t\\x00\\xb0\\x00\\x81\n\\x91\\x95\\xa2\\xfe\\x97\\xfd{\\xc1\\xa8\\xf5[A\\xa9\\xf3S\\xc2\\xa8\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3S\\xbe\\xa9\\xf5\\x0b\\x00\\xf9\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91H\\x0b\\x00\\x90\\x00a\\x1f\\x91\\xf3\\x03\\x01*\\xf5\\x03\\x02*\\xf4\\x03\\x03\\xaag\\x8b\\x00\\x94\\xd3\\x00\\x004\\xa0\\x04\\x00\\x18\\xfd{\\xc1\\xa8\\xf5\\x0b@\\xf9\\xf3S"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xbc\\xa9\\xf3S\\x01\\xa9\\xf5[\\x02\\xa9\\xf7\\x1b\\x00\\xf9\\xfd\\x03\\x00\\x91\\x11a\\xf9\\x97\\xff\\x83\\x01\\xd1\\xf4\\x03\\x00\\xaa\\xa8\n\\x00\\xb0\\x00\\xbd\\x01\\x91\\xf3\\x03\\x01\\xaa\\xf5\\x03\\x02\\xaa\\x96K\\x00\\x94\\xa8\\x12@\\xb9\n\\x05\\x00Q_9\\x00qH'\\x00T\t*\\x00\\x10(Y\\xaa\\xb8I\\x19\\x00\\x10(\t\\x08\\x8b\\x00\\x01\\x1f\\xd6\\xb6\\x02@\\xb9s\\x02@\\xf9\\xd5~\\x1fSU\\x00\\x004\\xf6\\x03\\x16K\\xc8\\x02\\x002\t\\x11\\xc0Z\\xe8\\x03\\x80R\t\\x01\tKh\\x03\\x00\\x90\\x08\\x81'\\x91\\x08\\xd9i\\xf8\\xf5\\x03\\x15\\xaa\\xe0\\x03\\x13\\xaa\\x08A6\\x8b\\x17\\xfd`\\xd3\\xa1\\xc27\\x8bG\\xfd\\xff\\x97@\\x01\\x00\\xb4\\x95\\x00\\x004\\xa8\\x05\\x80R\\x08\\x00\\x009\\x00\\x04\\x00\\x91\\xe2\\x03\\x17*\\xe1\\x03\\x16*\\xc1\\xf0\\xff\\x97\\x93\\x02\\x00\\xf9(\\x01\\x00\\x14\\xd5\\x02\\x004i\"A\\xa9!\\x05\\x00\\x91?\\x00\\x08\\xeb\\x89\\x01\\x00T?\\x00\\x08\\xeb!\\x80\\x9f\\x9a\\x9f\"\\x03\\xd5h\\x02@\\xf9\\xe0\\x03\\x13\\xaa\\x08\\x01@\\xf9\\xef\\x03\\x08\\xaaQ\\x03\\x00\\xb01\\xbaD\\xf9 \\x02"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6 \\x01\\x00\\xb4\\x08\\x00@\\xf9!\\x00\\x80R\\x08\\x01@\\xf9\\xef\\x03\\x08\\xaa\\xd1\\x02\\x00\\xb01\\xbaD\\xf9 \\x02?\\xd6\\xe0\\x01?\\xd6\\xfd{\\xc1\\xa8\\xff#\\x03\\xd5\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x7f#\\x03\\xd5\\xf3\\x0f\\x1f\\xf8\\xfd{\\xbe\\xa9\\xfd\\x03\\x00\\x91\\x01\\x00\\x80R\\xe0C\\x00\\x91(\\x00\\x00\\x94s\t\\x00\\xd0`\\xa2/\\x91\\xdd\\xff\\xff\\x97\\xe0C\\x00\\x91\\x7f\\xf6\\x05\\xf9R\\x00\\x00\\x94\\xfd{\\xc2\\xa8\\xf3\\x07A\\xf8\\xff#\\x03\\xd5\\xc0\\x03_\\xd6\\x00\\x00\\x00\\x00\\x7f#\\x03\\xd5\\xf3S\\xbe\\xa9\\xf5\\x0b\\x00\\xf9\\xfd{\\xbf\\xa9\\xfd\\x03\\x00\\x91h\\x08\\x00\\x90\t\\x91\\x06\\x91\\xf3\\x03\\x00\\xaa(\\xfd_\\x88\\x08\\x05\\x00\\x11(\\xfd\\x11\\x88\\xb1\\xff\\xff5\\xbf;\\x03\\xd5(\\x01\\x005h\t\\x00\\xd0\\x14\\x010\\x91\\x95\\x02\\x05\\x91\\xe0\\x03\\x14\\xaa\\xfc\\x05\\x00\\x94\\x94\\xa2\\x00\\x91\\x9f\\x02\\x15\\xeb\\x81\\xff\\xffT\\xe0\\x03\\x13\\xaa\\xfd{\\xc1\\xa8\\xf5\\x0b@\\xf9\\xf3S\\xc2\\xa8\\xff#\\x03\\xd5\\xc0\\x03_\\xd6\\x7f#"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "A\\xb9\\x11c\\x05\\x91(~\\x00)\\x16\\x00\\x80\\xd2\\xb4\\x82\\x05\\x91s\\x00\\x006s\\x06\\x00\\x91\\xf3\\xff\\x077\\xff\\x06\\x00q!\\x01\\x00Th\\xfeA\\xd3\\x00\\x07\\x08\\x8bI\\x03\\x13\\xcb!\\xfdA\\xd3\\x80j9\\xf8\\x82\\x02@\\xf9\\xfc\\xf0\\xff\\x97 \\x1e\\x005\\x8a\\x86@\\xf8H\\x01\\xc0y\\xe9\\x03\n\\xaah\\x00\\x004(-\\xc0x\\xe8\\xff\\xff5(\\x01\n\\xcb\t\\xfdA\\x93*\\x05\\x00\\x91\\xd6\\x06\\x00\\x91s\\x06\n\\x8b\\xdf\\x1e\\x00\\xf1\\xe3\\xfc\\xffT\\x16\\x00\\x80\\xd2\\xb4b\\x06\\x91s\\x00\\x006s\\x06\\x00\\x91\\xf3\\xff\\x077\\xff\\x06\\x00q!\\x01\\x00Th\\xfeA\\xd3\\x00\\x07\\x08\\x8bI\\x03\\x13\\xcb!\\xfdA\\xd3\\x80j9\\xf8\\x82\\x02@\\xf9\\xe0\\xf0\\xff\\x97\\xa0\\x1a\\x005\\x8a\\x86@\\xf8H\\x01\\xc0y\\xe9\\x03\n\\xaah\\x00\\x004(-\\xc0x\\xe8\\xff\\xff5(\\x01\n\\xcb\t\\xfdA\\x93*\\x05\\x00\\x91\\xd6\\x06\\x00\\x91s\\x06\n\\x8b\\xdf\\x1e\\x00\\xf1\\xe3\\xfc\\xffT\\x16\\x00\\x80\\xd2\\xb4B\\x07\\x91s\\x00\\x006s\\x06\\x00\\x91\\xf3\\xff\\x077\\xff\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": ")8k\\xff\\xffTG\\x13@\\xf9\n\\x00\\x80\\xd2({g\\xf8I\\x01\\x1b\\x8bJ\\x05\\x00\\x91\\xad\\x05\\x00Q)\\x01\\x08\\x8b?\\xf9\\x009M\\xff\\xff5\\xdf\\x11\\x00q_#\\x00\\xf9\\xb8\\x14\\x85\\x1aH#\\x02\\x91\\x02\\x7f@\\xd3H'\\x00\\xf9\\xe4\\x03\\x0f\\xaaC\\x03\\x01\\x91A#\\x01\\x91@\\x13\\x00\\x91?\\x1d\\x00\\x94\\x1f\\x04\\x00\\xb1@\\x15\\x00T\\xd6\\x06\\x00Q\\x11\\x00\\x00\\x14h\\x02@9\\xd6\\xc8\\xe88\\xc8\\x06\\x00\\x11\\x9f\\xc1(\\xebk\\x10\\x00T\\x1f\\x11\\x00q_O\\x05\\xa9\\xb8\\x14\\x85\\x1a\\x02\\x7f@\\xd3\\xe4\\x03\\x0f\\xaaCC\\x01\\x91Ac\\x01\\x91@\\x13\\x00\\x91-\\x1d\\x00\\x94\\x1f\\x04\\x00\\xb1\\x00\\x13\\x00Ts\\xc26\\x8b(\\x00\\x00\\x14({v\\xf8l\\x03\\x08\\x8b\\x8a\\xf5@9j\\x01\\x106\\x88\\xf9\\xc09B\\x00\\x80\\xd2i\\x02\\xc09AC\\x02\\x91HC\\x029h\\x1f\\x80RH\\x01\\x08\nIG\\x029\\x88\\xf5\\x009\\x15\\x00\\x00\\x14\\xe8\r@\\xf9k\\x02\\xc09\t\\x01@\\xf9j\\x1d\\x00S*\\xd9\\xeax\\xaa\\x01\\xf86v\\x06"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-06-28 21:56:16,371",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xb9\\x1f\t\\x00q\\xe1\\x00\\x00T@\\x83\\x04\\x91X\\xb4\\xf9\\x97\\xc8\\x06\\x00\\x90\\x01\\x01\r\\x91@\\x83\\x04\\x91\\xb8Q\\xff\\x97`V@\\xf9a\"\\x03\\x91A\\xbf\\x00\\xf9@'\\x00\\xf9\\xd1\\x9f\\xf9\\x97\\x1f \\x03\\xd5hR@\\xf9H\\x02\\x00\\xb4\\xf7\\x03\\x08\\xaa\\x7fn\\x01\\xf9W#\\x00\\xf9`b\\x0b\\x91\\xe9\\xac\\xf9\\x97\\xfb\\x03\\x00\\xaa\\xe0\\x03\\x17\\xaa0\\xac\\xf9\\x97\\x08\\xfc_\\xc8\\x1b|\\x11\\xc8\\xd1\\xff\\xff5\\xbf;\\x03\\xd5\\x1f\\x05\\x00\\xf1a\\x00\\x00T\\xe1=\\xff\\x97\\xf4\\xff\\xff\\x176\\x00\\x80RhN@\\xf9H\\x13\\x00\\xf9h\\x00\\x00\\xb4`b\\x02\\x91\\xa6\\xcc\\xf8\\x97w\\xdaA\\xf9{b\\x03\\x91\\xe0\\x03\\x1b\\xaa\\xe8\\x02@\\xf9\\x01\\x01@\\xf9\\x02 \\xfb\\x97\\x1f \\x03\\xd5H\\xbf@\\xf9i\\x82\\x0b\\x91a\\x82\\x0b\\x91`B\\x03\\x91(m\\x00\\xa9\\xf1\\x17\\xfb\\x97\\x1f \\x03\\xd5h\\x03@\\xf9HG\\x00\\xf9h\\x00\\x00\\xb4\\xe0\\x03\\x1b\\xaa\\x93\\xcc\\xf8\\x97`\\xd2A\\xf9a\\x82\\x03\\x91\\xba\\x1a\\xfb\\x97\\x1f \\x03\\xd5aB\\x03\\x91m\\x1b\\xfb\\x97\\x1f "
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1644
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\xd1H\\x13@\\xf9\\x00a\\x00\\x91\\xb1&\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00\\xa1\\x00\\x91S\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00\\xe1\\x00\\x91K\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00!\\x01\\x91C\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00a\\x01\\x91;\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00\\xa1\\x01\\x913\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00\\xe1\\x01\\x91+\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC\\x00\\xd1H\\x13@\\xf9\\x00!\\x02\\x91#\\xa3\\xf8\\x97\\xffC\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xffC"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "_\\xd6\\xfd{\\xbf\\xa9 C\\x02\\x91g0\\xf8\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\x00\\xa3\\x00\\x91\\xc2\\x16\\xfe\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9@\\xc3\\x05\\x91y\\xfb\\xfc\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9@\\x03\\x06\\x91\\xaeU\\xf8\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xa0c\\x00\\x91\\xd9\\x13\\xfd\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xe0\"\\x00\\x91\\xe2\\x13\\xfd\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xa0B\\x00\\x91\\xd7\\x14\\xfd\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xe0B\\x00\\x91\\xd8\\x13\\xfd\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xa0\\x82\\x00\\x91\\xaf\\xe9\\xf7\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xa0B\\x01\\x91\\x84\\xe6\\xf7\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xa0\"\\x00\\x9150\\xf8\\x97\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xff\\x83\\x00\\xd1\\xa0\n@\\xf9\\xdb\\x19\\xfd\\x97\\xff\\x83\\x00\\x91\\xfd{\\xc1\\xa8\\xc0\\x03_\\xd6\\xfd{\\xbf\\xa9\\xff\\x83"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x1d\\x00\\x00\\xc0\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x96\\x00\\x00\\xc0\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8d\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8f\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x91\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x92\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x93\\x00\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb4\\x02\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb5\\x02\\x00\\xc0\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x05\\x93\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x90\\xd4+\\x00\\xe8\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "countNotFound\\x00StatusInternal::KeyNotFound\\x00\\x00\\x00\\x00\\x00StatusInternal::AccountSwitch\\x00\\x00\\x00StatusInternal::TransientError\\x00\\x00StatusInternal::DeviceNotRegistered\\x00\\x00\\x00\\x00\\x00StatusInternal::RequiredBrokerMissing\\x00\\x00\\x00Attempted to call ToString() on an unknown status: %d\\x00\\x00\\x00StatusInte"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "iled to sign in to the proxy.\\x00Unknown error response from WinInet\\x00\\x00\\x00\\x00\\x00Invalid server response.\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00The SSL certificate authority is invalid.\\x00\\x00\\x00\\x00\\x00\\x00\\x00The SSL certificate common name (host name field) is invalid.\\x00\\x00\\x00Recieved ERROR_IO_PENDING, exiting this ca"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xf0~(\\x00\\xa8\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x05\\x93\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00p~(\\x00\\x80\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x05\\x93\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xf0}(\\x00\\x80\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x05\\x93\\x19\\x08\\x00\\x00\\x00\\x00}(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00@}(\\x00p\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x05\\x93\\x19\\x01\\x00\\x00\\x00\\x1c?'\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xc0|(\\x00\\x80\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x05\\x93\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00 |"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": ",\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00 \\x98%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x008\\x98%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x97%\\x00xp%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80_,\\x00 \\x98%\\x00P\\x98%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xac,\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x18\\x99%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x98%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xac,\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x99%\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xac,\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x99%\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-06-28 21:56:16,386",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x80\\x97&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\x1d.\\x00\\xa8\\x97&\\x00\\x18\\x98&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\x1c.\\x00\\xc0\\x97&\\x00@\\x98&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x99&\\x00\\xe0\\x99&\\x00\\x08\\x9a&\\x00 \\x9b&\\x00\\xd0\\x9a&\\x00\\xa8\\x9a&\\x00\\x80\\x9a&\\x00H\\x9b&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\x9a&\\x00\\xa8\\x9a&\\x00\\x80\\x9a&\\x00H\\x9b&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x99&\\x00\\x08\\x9a&\\x00 \\x9b&\\x00\\xd0\\x9a&\\x00\\xa8\\x9a&\\x00\\x80\\x9a&\\x00H\\x9b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x1f\\x00\\x00\\x00\\x00\\x000\\x07\\x1f\\x00\\x01\\x00\\x00\\x00\\xc4\\xf7\\x1e\\x00\\x01\\x00\\x00\\x00\\xc4\\xf7\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8n\\x03\\x00\\x01\\x00\\x00\\x00\\xc8n\\x03\\x00\\x02\\x00\\x00\\x00po\\x03\\x00\\x01\\x00\\x00\\x00\\xd4o\\x03\\x00\\x03\\x00\\x00\\x00\\xf4o\\x03\\x00\\x01\\x00\\x00\\x00|p\\x03\\x00\\xff\\xff\\xff\\xff8\\x00P\\x18*\\x00\\x00\\x00\\xe1\\xd1\\x88\\xc9\\x06\\xc8\\x84\\xc8\\x02\\x89\\xe4\\xe3P\\xbb\\x1b\\x000F$\\x00\\xaa\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xac'\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 q\\x03\\x00\\x00\\x00\\x00\\x00hq\\x03\\x00\\xff\\xff\\xff\\xff<\\x00@\\x082\\x00@\\x00\\xe1\\x83\"\\xe4\\xfe\\x00P\\x18\\xef\\x00@\\x00\\xe1\\x87\\xd2\\x07\\xd1\\x86\\xc9\\x04\\xc8\\x82(\\xe4`\\xcc\\x1b\\x00\\x00F$\\x00\\xff\\xff\\xff\\xff\\xd4'\\x1f\\x00\\xff\\xff\\xff\\xff\\xc0'\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80s\\x03\\x00\\x00\\x00\\x00\\x00\\x9cs\\x03\\x00\\x01\\x00\\x00\\x00Pv\\x03\\x00\\xff\\xff\\xff\\xffxv\\x03\\x00\\x01\\x00\\x00\\x00\\x88v\\x03\\x00\\xff\\xff\\xff\\xffh\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\t\\x00\\x00\\x00\\x00\\x00\\x08\\x9c\t\\x00\\x10\\x00\\x00\\x00l\\x9c\t\\x00\t\\x00\\x00\\x00t\\x9c\t\\x00\\xff\\xff\\xff\\xffj\\x000\\x18\\xe1\\x89\\xd2\\x07\\xd1\\x86\\xc9\\x04\\xc8\\x82(\\xe4`\\xcc\\x1b\\x00\\xc0\\x94$\\x00\\xff\\xff\\xff\\xff\\x18\\x9b\\x1f\\x00\\x00\\x00\\x00\\x008\\x9b\\x1f\\x00\\x01\\x00\\x00\\x00T\\x9b\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4\\x9c\t\\x00\\xff\\xff\\xff\\xff8\\x9d\t\\x00\\x02\\x00\\x00\\x00\\xf0\\x9d\t\\x00\\x00\\x00\\x00\\x00\"\\x00p\\x10\\xe1\\x83\\xc8\\x82$\\xe4\\xe3\\xe3`\\xcc\\x1b\\x00\\x90\\x94$\\x00\\xff\\xff\\xff\\xffp\\x9b\\x1f\\x00\\x00\\x00\\x00\\x00((\\x1f\\x00\\x00\\x00\\x00\\x00X\\x9e\t\\x00\\xff\\xff\\xff\\xff\\x88\\x9e\t\\x00\\x01\\x00\\x00\\x004\\x00p\\x10\\xe1\\x83\\xd1\\x04\\xc8\\x82&\\xe4`\\xcc\\x1b\\x00`\\x94$\\x00\\xff\\xff\\xff\\xff\\x88\\x9b\\x1f\\x00\\x00\\x00\\x00\\x00\\xe0%\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x9f\t\\x00\\x00\\x00\\x00\\x00\\x08\\x9f\t\\x00\\xff\\xff\\xff\\xff$\\x9f\t\\x00\\x00\\x00\\x00\\x00H\\x9f\t\\x00\\x01\\x00\\x00\\x00~\\x000\\x18\\xe1\\x8f\\xd2\\x07\\xd1\\x86"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x0e\\x00\\x01\\x00\\x00\\x00\\x00\\xc6\\x0e\\x00\\xff\\xff\\xff\\xff0\\xc6\\x0e\\x00\\x00\\x00\\x00\\x00\\x1b\\x00p\\x08\\xe1\\x83\"\\xe4`\\xcc\\x1b\\x00\\x80\\xd1$\\x00\\xff\\xff\\xff\\xff\\xb4\\x07 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\xc8\\x0e\\x00\\xff\\xff\\xff\\xfft\\xc8\\x0e\\x00\\x00\\x00\\x00\\x00\\x87\\x00P\\x10\\x80\\x00@\\x00\\xe1\\x89\\xc9\\x04\\xc8\\x82&\\xe4`\\xcc\\x1b\\x000\\xd6$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xcd\\x0e\\x00\\xff\\xff\\xff\\xff\\x84\\xcd\\x0e\\x00\\x00\\x00\\x00\\x00\\x8c\\xcd\\x0e\\x00\\xff\\xff\\xff\\xffh\\xce\\x0e\\x00\\x00\\x00\\x00\\x00\\x84\\xce\\x0e\\x00\\xff\\xff\\xff\\xff\\x7f\\x01P\\x18_\\x01\\x00\\x00\\xe1\\xc9\\x88\\xc9\\x06\\xc8\\x84\\xc8\\x02\\x89\\xe4\\xe3P\\xbb\\x1b\\x00\\xd0\\xd5$\\x00\\xaa\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xcc\\x07 \\x00\\xff\\xff\\xff\\xff\\x88>\\x1f\\x00\\x01\\x00\\x00\\x00\\xd4e\\x1f\\x00\\x02\\x00\\x00\\x00\\xe4\\x07 \\x00\\x03\\x00\\x00\\x00Tc\\x1f\\x00\\x04\\x00\\x00\\x00\\xdc?\\x1f\\x00\\x05\\x00\\x00\\x00h\\xfc\\x1e\\x00\\x06\\x00\\x00\\x00\\xb0\\xfc\\x1e\\x00\\xff\\xff\\xff\\xffD\\xf2\\x1e\\x00\\x04\\xcf\\x0e\\x00\\x00\\x00\\x00\\x00\\x08\\xcf"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-06-28 21:56:16,402",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "%\\x00\\xff\\xff\\xff\\xff\\xac\\x05\\x1f\\x00\\x00\\x00\\x00\\x00t\\xb0\\x1f\\x00\\x01\\x00\\x00\\x004\\x01\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x97\\x13\\x00\\x00\\x00\\x00\\x00\\xac\\x97\\x13\\x00\\xff\\xff\\xff\\xff\\xd0\\x97\\x13\\x00\\x00\\x00\\x00\\x00\\xdc\\x97\\x13\\x00\\x01\\x00\\x00\\x00\\xf8\\x97\\x13\\x00\\x00\\x00\\x00\\x00\\xfc\\x97\\x13\\x00\\x01\\x00\\x00\\x00\\x14\\x98\\x13\\x00\\x02\\x00\\x00\\x009\\x00p\\x10\\xe1\\x8b\\xc8\\x82$\\xe4\\xe3\\xe3`\\xcc\\x1b\\x00@\\x17%\\x00\\xff\\xff\\xff\\xfft\\xb0\\x1f\\x00\\x00\\x00\\x00\\x004\\x01\\x1f\\x00\\x00\\x00\\x00\\x00\\xdc\\x98\\x13\\x00\\x00\\x00\\x00\\x00\\xe0\\x98\\x13\\x00\\xff\\xff\\xff\\xff\\x04\\x99\\x13\\x00\\x00\\x00\\x00\\x00\\x10\\x99\\x13\\x00\\x01\\x00\\x00\\x00$\\x99\\x13\\x00\\x00\\x00\\x00\\x00_\\x00P\\x10Z\\x00@\\x00\\xe1\\x8d\\xd0\\x82$\\xe4\\xe3\\xe3`\\xcc\\x1b\\x00\\x10\\x17%\\x00\\xff\\xff\\xff\\xff\\xc4x \\x00\\x00\\x00\\x00\\x00\\xf4x \\x00\\x00\\x00\\x00\\x00`\\xb0\\x1f\\x00\\x02\\x00\\x00\\x00\\xf4x \\x00\\x00\\x00\\x00\\x00\\xf4x \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\x99\\x13\\x00\\x00\\x00\\x00\\x00\\xe0\\x99"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x19\\x00\\x01\\x00\\x00\\x008^\\x19\\x00\\x00\\x00\\x00\\x00<^\\x19\\x00\\x01\\x00\\x00\\x00`^\\x19\\x00\\x00\\x00\\x00\\x00l^\\x19\\x00\\xff\\xff\\xff\\xff\\xa0^\\x19\\x00\\x00\\x00\\x00\\x00\\xbc^\\x19\\x00\\x02\\x00\\x00\\x00\\xe0^\\x19\\x00\\x00\\x00\\x00\\x00\\xe4^\\x19\\x00\\x02\\x00\\x00\\x00\\x04_\\x19\\x00\\x00\\x00\\x00\\x00\\x08_\\x19\\x00\\x02\\x00\\x00\\x00P_\\x19\\x00\\x00\\x00\\x00\\x00T_\\x19\\x00\\x03\\x00\\x00\\x00\\x8c_\\x19\\x00\\x00\\x00\\x00\\x00\\x90_\\x19\\x00\\x04\\x00\\x00\\x00\\xb8_\\x19\\x00\\x00\\x00\\x00\\x00\\xbc_\\x19\\x00\\x03\\x00\\x00\\x00\\xf8_\\x19\\x00\\x00\\x00\\x00\\x00\\xfc_\\x19\\x00\\x02\\x00\\x00\\x004`\\x19\\x00\\x00\\x00\\x00\\x00@`\\x19\\x00\\xff\\xff\\xff\\xff``\\x19\\x00\\x00\\x00\\x00\\x00l`\\x19\\x00\\xff\\xff\\xff\\xff\\x90`\\x19\\x00\\x00\\x00\\x00\\x00\\xe0`\\x19\\x00\\x05\\x00\\x00\\x00\\xf8`\\x19\\x00\\x00\\x00\\x00\\x00\\xfc`\\x19\\x00\\x05\\x00\\x00\\x00 a\\x19\\x00\\x00\\x00\\x00\\x00,a\\x19\\x00\\xff\\xff\\xff\\xffTa\\x19\\x00\\x00\\x00\\x00\\x00Xa\\x19\\x00\\xff\\xff\\xff\\xff\\x94a\\x19\\x00\\x00\\x00\\x00\\x00\\x98a"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "ler@?1??make_marshaler@impl@winrt@@YAHPEAUtype@?$abi@UIUnknown@Foundation@Windows@winrt@@X@23@PEAPEAX@Z@\\x00\\x00\\x00\\x00\\x00\\x00(r!\\x80\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.?AUIMarshal@impl@winrt@@\\x00\\x00\\x00\\x00\\x00\\x00\\x00(r!\\x80\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.?AUerror_info_fallback@impl@winrt@@\\x00\\x00\\x00\\x00(r!\\x80\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.?AUIErrorInfo@impl@winrt@"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "AsyncInfo@Foundation@Windows@winrt@@X@impl@winrt@@\\x00\\x00\\x00\\x00(r!\\x80\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.?AU?$producer@Upromise_type@?$coroutine_traits@UIAsyncAction@Foundation@Windows@winrt@@AEAVAccountsControlOperation@Msai@@PEAUHWND__@@AEBV?$shared_ptr@VUri@Msai@@@std@@AEBV?$basic_strin"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x07\\x00\\xb1\\x00a\\x01(_\\x07\\x00\\xa8)(\\x00\\xd0_\\x07\\x00\\xf8)(\\x00\\xf0`\\x07\\x00\\x18*(\\x00\\x98f\\x07\\x00]\\x00b\\x01\\x00g\\x07\\x00e\\x00a\\x01pg\\x07\\x009\\x00a\\x01\\xa8g\\x07\\x00\\x99\\x00\\xe4\\x01@h\\x07\\x00\\x00+(\\x00\\x08i\\x07\\x00\\x14+(\\x00\\xc8i\\x07\\x00\\xa1\\x00b\\x01pj\\x07\\x009\\x00b\\x01\\xb8j\\x07\\x00@+(\\x00\\x18l\\x07\\x00\\x99\\x00a\\x01\\xb0l\\x07\\x00\\x88+(\\x00\\x90m\\x07\\x00\\xc0+(\\x00@n\\x07\\x00\\xd8+(\\x00\\xc0n\\x07\\x001\\x00a\\x01\\xf0n\\x07\\x009\\x00b\\x010o\\x07\\x00\\xe8+(\\x00\\xb0t\\x07\\x00\\xc0-(\\x00\\x90u\\x07\\x009\\x00a\\x01\\xd0u\\x07\\x00\\xf0-(\\x00Pw\\x07\\x001\\x00a\\x01\\x80w\\x07\\x001\\x00a\\x01\\xb0w\\x07\\x001\\x00a\\x01\\xe0w\\x07\\x00!\\x00\\xe0\\x00\\x00x\\x07\\x00Y\\x00b\\x01`x\\x07\\x00E\\x00a\\x01\\xa8x\\x07\\x00E\\x00a\\x01\\xf0x\\x07\\x008.(\\x000z\\x07\\x009\\x00b\\x01pz"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01\\x01"
              },
              {
                "name": "Length",
                "value": "38438"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-06-28 21:56:16,418",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-06-28 21:56:16,433",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-06-28 21:56:16,433",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-06-28 21:56:16,433",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-06-28 21:56:16,433",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8ee3d",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8ee52",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\xd4&\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1697
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\xd4&\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\xd4&\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x01\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x96\\x8c\\x81W\\xf7\\xe2\\xd2W\\xf7\\xe2\\xd2W\\xf7\\xe2\\xd2\\x1c\\x8f\\xe1\\xd3\\\\xf7\\xe2\\xd2\\x1c\\x8f\\xe7\\xd3\\xe1\\xf7\\xe2\\xd2\\x95v\\xe6\\xd3F\\xf7\\xe2\\xd2\\x95v\\xe1\\xd3M\\xf7\\xe2\\xd2\\x1c\\x8f\\xe6\\xd3N\\xf7\\xe2\\xd2\\x1c\\x8f\\xe4\\xd3V\\xf7\\xe2\\xd2\\x95v\\xe7\\xd3?\\xf7\\xe2\\xd2\\x1c\\x8f\\xe3\\xd3J\\xf7\\xe2\\xd2W\\xf7\\xe3\\xd2\\x12\\xf6\\xe2\\xd2\\xa4u\\xe7\\xd3V\\xf7\\xe2\\xd2\\xa4u\\xeb\\xd3\\xb4\\xf7\\xe2\\xd2\\xa4u\\xe2\\xd3V\\xf7\\xe2\\xd2\\xa4u\\x1d\\xd2V\\xf7\\xe2\\xd2W\\xf7u\\xd2U\\xf7\\xe2\\xd2"
              },
              {
                "name": "Length",
                "value": "27098"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xff\\x8bU\\x10\\x8dE\\xc4P\\xb9\\xa0\\x05= \\xc6E\\xfc\\x01\\xe8//\\x00\\x00\\x83\\xc4\\x04\\xc6E\\xfc\\x00\\x8dM\\xc4\\xe8\\xa0\\xbe\\xff\\xffj\\x14\\x0fW\\xc0\\xc7E\\xd4\\x00\\x00\\x00\\x00h\\xe8\\x83\\x1d\\x10\\x8dM\\xc4\\xc7E\\xd8\\x00\\x00\\x00\\x00\\x0f\\x11E\\xc4\\xe8L\\xbd\\xff\\xff\\x8dE\\xc4\\xc6E\\xfc\\x02P\\x8b\\xd7\\xb9\\xa1\\x05= \\xe8\\xe8.\\x00\\x00\\x83\\xc4\\x04\\xc6E\\xfc\\x00\\x8dM\\xc4\\xe8Y\\xbe\\xff\\xff\\xffu\\x14\\x8bU\\x10\\x8dM\\xdc\\x0fW\\xc0f\\x0f\\x13E\\xdc\\xe8\\xd3\\xf0\\xff\\xff\\x83\\xc4\\x04\\xc6E\\xfc\\x03\\x8dM\\xc4\\x0fW\\xc0\\xc7E\\xd4\\x00\\x00\\x00\\x00j\\x00h0\\x82\\x1d\\x10f\\x0f\\x13E\\xbc\\x0f\\x11E\\xc4\\xc7E\\xd8\\x00\\x00\\x00\\x00\\xe8\\xe3\\xbc\\xff\\xff\\x8dU\\xc4\\xc6E\\xfc\\x04\\x8dM\\xbc\\xe8$Y\\x02\\x00\\x8dM\\xc4\\xc6E\\xfc\\x06\\xe8\\xf8\\xbd\\xff\\xff\\x0fW\\xc0\\x8dU\\xbc\\x8dM\\xb4f\\x0f\\x13E\\xb4\\xe8\\xb5.\\x00\\x00\\x8dM\\xb4\\xc6E\\xfc\\x07\\xe8\\xd9+\\x00\\x00\\x89\\x07\\x8bU\\x0c\\x8dM\\x9c\\xe8,\\xef\\xff\\xff\\xc6E\\xfc\\x08\\x8dE"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcb\\xff\\xd6\\x8b\\xd7\\x8b\\xc8\\xe8\\x93\r\\x00\\x00_^[]\\xc2\\x0c\\x00\\x8b\\xce\\xe8\\xd5\\x1a\\x00\\x00\\x8b\\x0b\\x84\\xc0t\\x05\\x8bq\\x0c\\xeb\\x9aWV\\x8b1\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcb\\xff\\xd6_^[]\\xc2\\x0c\\x00\\xcc\\xcc\\xcc\\xb9\\xc9\\xea$\\x10\\xe8\\xd3\\xdd\\x15\\x003\\xc0\\xc3\\xcc\\xcc\\xcc\\xb9\\xc9\\xea$\\x10\\xe8\\xc3\\xdd\\x15\\x00\\xb8\\x02@\\x00\\x80\\xc2\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xecj\\xffh\\x9bN\\x1a\\x10d\\xa1\\x00\\x00\\x00\\x00PQV\\xa1\\x80\\xd1\"\\x103\\xc5P\\x8dE\\xf4d\\xa3\\x00\\x00\\x00\\x00\\x8b\\xf1\\x89u\\xf0\\xb9\\xe9\\xea$\\x10\\xe8z\\xdd\\x15\\x00\\x8bE\\x08j\\x10\\x8b\\x00\\x89\\x06\\xc7F\\x04\\x00\\x00\\x00\\x00\\xc7F\\x08\\x00\\x00\\x00\\x00\\x0f\\xae\\xe8\\xe8/\\xd2\\x15\\x00\\x83\\xc4\\x04\\x89\\x00\\x89@\\x04\\x89F\\x04\\x8dN\\x0c\\xc7E\\xfc\\x00\\x00\\x00\\x00\\xc7\\x01\\x00\\x00\\x00\\x00\\xc7A\\x04\\x00\\x00\\x00\\x00\\xc7A\\x08\\x00\\x00\\x00\\x00\\xc6E\\xfc\\x01\\xc7F\\x18\\x07\\x00\\x00\\x00\\xc7F\\x1c\\x08"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "^[\\x8b\\xe5]\\xc2\\x18\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xecj\\xffh@c\\x1a\\x10d\\xa1\\x00\\x00\\x00\\x00P\\x83\\xec\\x0cV\\xa1\\x80\\xd1\"\\x103\\xc5P\\x8dE\\xf4d\\xa3\\x00\\x00\\x00\\x00\\x8b\\xf1\\x89u\\xf0\\xb9\n\\x17%\\x10\\xe8\\xd8\\xdd\\x14\\x00\\x8b\\x06\\x8b@\\x04\\xc7\\x04\\x06\\x08\\xa3\\x1d\\x10\\x8b\\x06\\x8bH\\x04\\x8dA\\xe8\\x89D1\\xfc\\x8b\\x06\\xc7F\\x08\\x00\\x00\\x00\\x00\\xc7F\\x0c\\x00\\x00\\x00\\x00\\x8bH\\x04\\x03\\xceQ\\xffu\\x08\\xe8\\x15\n\\x00\\x00\\x8bF\\x10\\x8b@\\x04\\xc7D\\x06\\x10\\x00\\xa3\\x1d\\x10\\x8bF\\x10\\x8bH\\x04\\x8dA\\xf8\\x89D1\\x0c\\x8b\\x06\\x8b@\\x04\\xc7\\x04\\x06\\x10\\xa3\\x1d\\x10\\x8b\\x06\\x8bH\\x04\\x8dA\\xe0\\x89D1\\xfc\\x8b\\xc6\\x8bM\\xf4d\\x89\r\\x00\\x00\\x00\\x00Y^\\x8b\\xe5]\\xc2\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xb9\\xc7\\x17%\\x10\\xe8C\\xdd\\x14\\x00h\\x90\\xa2\\x1d\\x10\\xe8\\x03\\xaa\\x14\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\xb9\\x13\\x17%\\x10\\xe8 "
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x8b6\\x89]\\xd4\\x89M\\xe0\\x89M\\xd0;\\xf7u\\xb6\\x8bU\\xf0\\x8b2\\x85\\xc9t\\x13\\x8bF\\x04\\x8b}\\xdc\\x89G\\x04\\x898\\x893\\x89^\\x04\\x01J\\x04\\x8bM\\xf4d\\x89\r\\x00\\x00\\x00\\x00Y_^[\\x8b\\xe5]\\xc2\\x08\\x00;\\xfbt\\xe8\\x8bG\\x04\\xc7E\\xec\\x00\\x00\\x00\\x00\\x89\\x18\\x89C\\x04\\x0f\\x1f\\x00\\x8b7\\x8dO\\x08\\xe8f\\xbe\\xfc\\xffj W\\xe8\\x81\\xd2\\x13\\x00\\x8bE\\xec\\x83\\xc4\\x08@\\x8b\\xfe\\x89E\\xec;\\xf3u\\xde\\x8bM\\xf0)A\\x04\\x8bM\\xf4d\\x89\r\\x00\\x00\\x00\\x00Y_^[\\x8b\\xe5]\\xc2\\x08\\x00\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\xb9\\xd8\\x17%\\x10\\xe8\\x80\\xdd\\x13\\x00\\x83~\\x04\\x00t0\\x8bF\\x0c\\xc7@\\x04\\x00\\x00\\x00\\x00\\x8bF\\x08\\xc7\\x00\\x00\\x00\\x00\\x00\\x8bv\\x0c\\x85\\xf6t\\x16\\x0f\\x1f\\x00\\x8b\\xc6\\x8b6j\\x10P\\xe8\\x17\\xd2\\x13\\x00\\x83\\xc4\\x08\\x85\\xf6u\\xed^\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\xb9\\xd8\\x17%\\x10\\xe80\\xdd\\x13\\x00\\x83~\\x04\\x00t9\\x8bF\\x0c\\xc7@\\x04\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xcc\\xcc\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\xb9\\xfb\\x14%\\x10\\xe8\\x10\\xde\\x12\\x00\\x8b\\x16\\xc7\\x06\\x00\\x00\\x00\\x00R\\x8b\\x02\\x8bp\\x08\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\xff\\xd6^\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\x83\\xec\\x0cSV\\x8b\\xd9\\x8b\\xf2W\\xb9\\xfb\\x14%\\x10\\x89]\\xfc\\xe8\\xd3\\xdd\\x12\\x00j\\x18\\xe8\\xa0\\xd2\\x12\\x00\\x8b\\x0e\\x8b\\xf8\\xc7\\x06\\x00\\x00\\x00\\x00\\x83\\xc4\\x04\\x89}\\xfc\\x89O\\x04\\x8bN\\x04\\xc7F\\x04\\xff\\xff\\xff\\xff\\x89O\\x08\\x8bF\\x08\\xc7F\\x08\\x00\\x00\\x00\\x00\\x89G\\x0c\\x8bF\\x0c\\x89G\\x10\\xc7F\\x0c\\x00\\x00\\x00\\x00\\xe8\\xd0\\x1b\\xfd\\xff\\x8b\\xc8\\xbe\\x01\\x00\\x00\\x00\\xe8D\\x02\\xfd\\xff\\xf0\\x0f\\xc10\\xc7G\\x14\\x01\\x00\\x00\\x00\\x8b\\xc3\\x89;\\xc7\\x07\\x94\\xcb\\x1d\\x10_^[\\x8b\\xe5]\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\x83\\xec\\x0c\\xa1\\x80\\xd1\"\\x103\\xc5\\x89E\\xfcSVW\\x8b\\xf9\\x8b\\xda\\x89}\\xf8\\xb9\\xfb\\x14%\\x10\\x89}\\xf8\\xe86\\xdd\\x12\\x00\\x85\\xdbu\\x15\\x89\\x1f\\x8b\\xc7_^[\\x8bM\\xfc3\\xcd\\xe8\\xb3\\xd1"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-06-28 21:56:16,449",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00hL\\xf2\\x1d\\x10\\x8d\\x8d$\\xff\\xff\\xff\\xc7\\x858\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x0f\\x11\\x85$\\xff\\xff\\xff\\xe8t\\xbd\\xfa\\xff\\x8d\\x85$\\xff\\xff\\xff\\xc6E\\xfc\\x08Pj\\x0f\\x8d\\x85\\x0c\\xff\\xff\\xff\\x8b\\xceP\\xe8\\xc9\\x06\\x00\\x00\\xc6E\\xfc\t\\x8bNL\\xf3\\x0f~FDQP\\x8d\\x85T\\xff\\xff\\xff\\x89\\x8d\\\\xff\\xff\\xffP\\x8d\\x8d\\xcc\\xfe\\xff\\xfff\\x0f\\xd6\\x85T\\xff\\xff\\xff\\xe8+\\xa3\\x00\\x00\\x83\\xc4\\x0c\\x8b\\xf0\\x8b\\x8dH\\xff\\xff\\xff\\x8d\\x85\\xec\\xfe\\xff\\xffP\\xc6E\\xfc\n\\xe8\\xa0\t\\x00\\x00V\\x83\\xec\\x08\\xc6E\\xfc\\x0b\\x8dM\\xd8\\xe8p\\xa1\\x00\\x00\\x8d\\x8d\\xec\\xfe\\xff\\xff\\xe8%\\xbe\\xfa\\xff\\x8d\\x85\\xe0\\xfe\\xff\\xff\\xc7\\x85\\xdc\\xfe\\xff\\xffD\\xe8\\x1c\\x10P\\xe8\\x07\\xf1\\x11\\x00\\x8d\\x85\\xd0\\xfe\\xff\\xff\\xc7\\x85\\xcc\\xfe\\xff\\xffD\\xe8\\x1c\\x10P\\xe8\\xf1\\xf0\\x11\\x00\\x83\\xc4\\x08\\x8d\\x8d\\x0c\\xff\\xff\\xff\\xe8\\xeb\\xbd\\xfa\\xff\\x8d\\x8d$\\xff\\xff\\xff\\xc6E\\xfc\\x07\\xe8\\xdc\\xbd\\xfa\\xff\\x80}\\xec\\x00tSj\t\\x8d\\x8dX\\xff\\xff\\xff\\xc6\\x85P\\xff\\xff\\xff\t\\xe8"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xf0\\x0f\\xc1C\\x04\\x0f\\x85\\x17\\x01\\x00\\x00\\x8b\\x03\\x8b0\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcb\\xff\\xd6\\xf0\\x0f\\xc1{\\x08O\\x0f\\x85\\xfb\\x00\\x00\\x00\\x8b\\x03\\x8bp\\x04\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcb\\xff\\xd6\\xe9\\xe5\\x00\\x00\\x00\\x8b}\\xc0\\x8b\\x07\\x8bp\\x04\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x8b\\xc8\\xe8\\xdeH\\xfb\\xffP\\x8dE\\xa0hH\\xf4\\x1d\\x10P\\xe8\\x1f\\xa4\\xf9\\xff\\x83\\xc4\\x0cPj\\x00j\\x00j\\x00\\xba@\\x96d#\\xc6E\\xfc\\x04\\x8dM\\xd0\\xe8dM\\xfb\\xff\\x83\\xc4\\x10\\x8dM\\xd8P\\xe8h\\xb5\\xf9\\xff\\x8dM\\xe0Q\\x8b\\xc8\\xe8-\\xb5\\xf9\\xff\\x8dM\\xd8\\xe8\\xc5\\xb3\\xf9\\xff\\x8dM\\xd0\\xe8\\xbd\\xb3\\xf9\\xff\\x8dM\\xa0\\xe8\\x15\\xbe\\xf9\\xff\\xb8\\x91v\\x06\\x10\\xc3\\x8b]\\xc4\\xc7E\\xfc\\x00\\x00\\x00\\x00\\x8b\\x0b\\xe8\\xae\\x8f\\x03\\x00RPhD\\xfa\\x1d\\x10h\\x0c\\xfa\\x1d\\x10h\\x94\\x01\\x00\\x00j\\x01\\xe8fG\\xfb\\xff\\x8b\\x0b\\x8dE\\xd8\\x83\\xc4\\x18P\\xe8\\xf8\\xd7\\xfc\\xff\\x8dM\\xe0Q\\x8b8\\x8b\\x07\\x8bp\\x0c\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "M\\xe4\\xe8_\\xb4\\xf8\\xff\\x8dM\\xd8\\xe8W\\xb4\\xf8\\xff\\x8dM\\xbc\\xe8\\xaf\\xbe\\xf8\\xff\\xb8\\xebv\\x07\\x10\\xc3h|\\x04\\x1e\\x10h0\\x04\\x1e\\x10j\"j\\x01\\xe8\\x16H\\xfa\\xff\\x8bU\\xb4\\x83\\xc4\\x10\\x83z\\x04\\x00t\\x07\\x8bB\\x04\\xf0\\xff@\\x04\\x8bM\\xe0\\x8b\\x02\\x8bR\\x04\\x89\\x01\\x8by\\x04\\x89Q\\x04\\x85\\xfft5\\x83\\xcb\\xff\\x8b\\xc3\\xf0\\x0f\\xc1G\\x04u)\\x8b\\x07\\x8b0\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\xf0\\x0f\\xc1_\\x08Ku\\x11\\x8b\\x07\\x8bp\\x04\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\xb8\\xebv\\x07\\x10\\xc3hX\\x04\\x1e\\x10h0\\x04\\x1e\\x10j'j\\x01\\xe8\\xa1G\\xfa\\xff\\x83\\xc4\\x10\\x8dM\\xbc\\xffu\\xdc\\xe8#\\xbb\\xf8\\xffj\\x00h0\\x82\\x1d\\x10\\x8dM\\xbc\\xe8\\xd4\\xbc\\xf8\\xff\\x8dE\\xbc\\xc6E\\xfc\\x05Pj\\x00j\\x00j\\x00\\xba\\x02\\x82D\\x1e\\x8dM\\xd8\\xe8\tM\\xfa\\xff\\x83\\xc4\\x10\\x8dM\\xe4P\\xe8\r\\xb5\\xf8\\xff\\xffu\\xe0\\x8b\\xc8\\xe8\\xd3\\xb4\\xf8\\xff\\x8dM\\xe4\\xe8k\\xb3\\xf8\\xff\\x8dM\\xd8\\xe8c"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x10\\x8b\\xcf\\xff\\xd6\\x83\\xc8\\xff\\xf0\\x0f\\xc1G\\x08u\\x11\\x8b\\x07\\x8bp\\x04\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6j(S\\xe8\\xc1\\xd2\\x0e\\x00\\x83\\xc4\\x08_^[\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccSV\\x8b\\xf1\\xb9\\xc8\\x17%\\x10\\xe8\\xdf\\xdd\\x0e\\x00\\x8b\\x1e\\x85\\xdbtQW\\x8dK\\x10\\xe8s\\xbe\\xf7\\xff\\x8b{\\x08\\x85\\xfft5\\x83\\xc8\\xff\\xf0\\x0f\\xc1G\\x04u+\\x8b\\x07\\x8b0\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x83\\xc8\\xff\\xf0\\x0f\\xc1G\\x08u\\x11\\x8b\\x07\\x8bp\\x04\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6j(S\\xe8R\\xd2\\x0e\\x00\\x83\\xc4\\x08_^[\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xecSVW\\xb9&\\x18%\\x10\\xe8m\\xdd\\x0e\\x00\\x8b}\\x083\\xf6\\x8b]\\x0c\\x03\\xdf;\\xfbt%f\\x90\\x0f\\xb6\\x07P\\xe8\\xd6p\\x0f\\x00\\x0f\\xb6\\xc0G\\x03\\xc6\\x83\\xc4\\x04i\\xf0\\x01\\x04\\x00\\x00\\x8b\\xc6\\xc1\\xe8\\x063\\xf0;\\xfbu\\xdd\\x8d\\x0c\\xf6\\x8b\\xc1\\xc1\\xe8\\x0b_3\\xc1^i\\xc0\\x01\\x80\\x00\\x00[]\\xc2\\x08\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00Vh\\x80\\x00\\x00\\x00\\x8b\\xf1\\xe8\\xe8\\xd2\r\\x00\\x83\\xc4\\x04V\\xffu\\x0c\\x8bu\\x08VPj\\x00\\xe84e\\x10\\x00\\x83\\xc4\\x14\\x8b\\xc6^\\x8b\\xe5]\\xc2\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccS\\x8b\\xd9V\\x8dC(W\\x8bx$\\x85\\xfft!\\x8b\\x17;\\xf8\\x0f\\x95\\xc0\\x0f\\xb6\\xc0\\x8br\\x10\\x8b\\xceP\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\xc7CL\\x00\\x00\\x00\\x00\\x8b{$\\x85\\xfft!\\x8b\\x17;\\xfb\\x0f\\x95\\xc0\\x0f\\xb6\\xc0\\x8br\\x10\\x8b\\xceP\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\xc7C$\\x00\\x00\\x00\\x00_^[\\xc3\\xcc\\xcc\\xcc\\xccS\\x8b\\xd9VW\\x8dKX\\xe8\\x03-\\xf8\\xff\\x8b{T\\x85\\xfft5\\x83\\xc8\\xff\\xf0\\x0f\\xc1G\\x04u+\\x8b\\x07\\x8b0\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x83\\xc8\\xff\\xf0\\x0f\\xc1G\\x08u\\x11\\x8b\\x07\\x8bp\\x04\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x8b{L\\x8dC(\\x85\\xfft!\\x8b\\x17;\\xf8\\x0f\\x95\\xc0\\x0f\\xb6\\xc0\\x8br\\x10\\x8b\\xceP\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xff\\xb9Z\\x05=\\x1e\\xe8\\xfa\\xad\\xfa\\xff\\x8bE\\xa4\\x8b8\\x8b\\x07\\x8b\\xb0\\xa4\\x00\\x00\\x00\\x8d\\x85D\\xff\\xff\\xffP\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x8b\\xd0\\xc6E\\xfc\r\\x8dM\\xc8\\xe8<\\xde\\xfa\\xff\\x8d\\x8dD\\xff\\xff\\xff\\xc6E\\xfc\\x0f\\xe8}\\xbe\\xf5\\xff\\x8dM\\xc8\\xe8\\x05\\xee\\xf7\\xff\\x8dM\\xc8\\x84\\xc0t\\x1a\\x8bE\\x98\\xc7\\x00\\x00\\x00\\x00\\x00\\xc7@\\x04\\x00\\x00\\x00\\x00\\xe8\\xd9t\\xf6\\xff\\xe9\\xd4\\xfe\\xff\\xff\\xe8?\\xe1\\xfa\\xff\\xff5\\xd0X\\x1e\\x10\\x0fW\\xc0\\xc7E\\x80\\x00\\x00\\x00\\x00\\xff5\\xccX\\x1e\\x10\\x8d\\x8dp\\xff\\xff\\xff\\xc7E\\x84\\x00\\x00\\x00\\x00\\x0f\\x11\\x85p\\xff\\xff\\xff\\xe8\\xf0\\xbc\\xf5\\xff\\xc6E\\xfc\\x10\\x8d\\x85p\\xff\\xff\\xff\\x83}\\x84\\x0f\\x8dU\\xc8\\xffu\\x80\\x0fG\\x85p\\xff\\xff\\xff\\x8bM\\x94P\\xe8<\\xdf\\xfa\\xff\\x83\\xc4\\x08\\xc6E\\xfc\\x0f\\x8d\\x8dp\\xff\\xff\\xff\\xe8\\xea\\xbd\\xf5\\xff\\x8b}\\xe8\\x8dM\\xc8\\x83\\xec\\x10\\x8b\\x07\\x8b\\xb0\\xa8\\x00\\x00\\x00\\x8dE\\xa8P\\xe8\\x90q\\xf6\\xffP\\x8b\\xce\\xc6E\\xfc\\x11\\xff\\x15\\xac"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xfe\\xff\\xff\\xe8\\xfe\\x1d\\x00\\x00\\x83\\xc4\\x04\\x8d\\x8d\\xd4\\xfe\\xff\\xff\\xc6E\\xfc\\x0e\\xe8\\x1c\\xb5\\xf4\\xff\\x8b\\x95\\xcc\\xfe\\xff\\xff\\xe8\\xe1\\xb9\\xf4\\xffj \\xff\\xb5\\xcc\\xfe\\xff\\xff\\xe8\\xb7\\xd2\\x0b\\x00\\x83\\xc4\\x08\\x8d\\x8d\\x08\\xff\\xff\\xff\\xe8\\x96.\\xf5\\xff\\x84\\xc0tD\\x8b\\xb5\\x9c\\xfe\\xff\\xff\\x8b\\x8d\\x0c\\xff\\xff\\xff\\xc7\\x06\\x00\\x00\\x00\\x00\\xc7F\\x04\\x00\\x00\\x00\\x00\\x85\\xc9t\n\\xf0\\xffA\\x04\\x8b\\x8d\\x0c\\xff\\xff\\xff\\x8b\\x85\\x08\\xff\\xff\\xff\\x89N\\x04\\x8d\\x8d\\xe8\\xfe\\xff\\xff\\x89\\x06\\xe8E\\x1a\\x00\\x00\\x8b\\xc6\\xe9j\\x13\\x00\\x00\\x8b\\x85\\xa0\\xfe\\xff\\xff\\x8b8\\x8b\\x07\\x8b\\xb0\\xac\\x00\\x00\\x00\\x8d\\x85\\xe8\\xfe\\xff\\xffP\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6Q\\x0fW\\xc0\\xc7E\\x8c\\x00\\x00\\x00\\x00\\x8dE\\x8cP\\x8d\\x8d`\\xff\\xff\\xff\\x0f\\x11\\x85`\\xff\\xff\\xff\\x0f\\x11\\x85p\\xff\\xff\\xff\\xe8C\\xdf\\xf4\\xff\\x8b\\x85\\xa0\\xfe\\xff\\xff\\x0fW\\xc0\\xc6E\\xfc\\x0f\\x0f\\x11\\x858\\xff\\xff\\xff\\x8b8\\x0f\\x11\\x85H\\xff\\xff\\xff\\x8b\\x07\\x8b\\xb0\\xc8\\x00\\x00\\x00\\x8d\\x858\\xff\\xff\\xffP\\x8b"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xcc\\xcc\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\x80~d\\x00t\\x1d\\x8dNL\\xe8\\x1f\\xb5\\xf3\\xff\\x8bVD\\xe8W\\xb6\\xf3\\xffj8\\xffvD\\xe8\\xc0\\xd2\n\\x00\\x83\\xc4\\x08\\x80~8\\x00t%\\x8dN,\\xe8<\\xb2\\xf4\\xff\\x8dN\\x18\\xe8\\xf4\\xb4\\xf3\\xff\\x8bV\\x10\\xe8,\\xb6\\xf3\\xffj8\\xffv\\x10\\xe8\\x95\\xd2\n\\x00\\x83\\xc4\\x08^\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\x80~8\\x00t%\\x8dN,\\xe8\\xff\\xb1\\xf4\\xff\\x8dN\\x18\\xe8\\xb7\\xb4\\xf3\\xff\\x8bV\\x10\\xe8\\xef\\xb5\\xf3\\xffj8\\xffv\\x10\\xe8X\\xd2\n\\x00\\x83\\xc4\\x08^\\xc3U\\x8b\\xec\\x83\\xe4\\xf8QV\\x8b\\xf1\\xb9\\xb1\\x08%\\x10\\xe8y\\xdd\n\\x00\\xffu\\x14\\x8b\\xce\\xffu\\x10\\xffu\\x0c\\xffu\\x08\\xe8i9\\xf7\\xff\\x83\\xc4\\x10^\\x8b\\xe5]\\xc3\\xccU\\x8b\\xecj\\xffh\\xed[\\x1b\\x10d\\xa1\\x00\\x00\\x00\\x00P\\x83\\xecX\\xa1\\x80\\xd1\"\\x103\\xc5\\x89E\\xf0VWP\\x8dE\\xf4d\\xa3\\x00\\x00\\x00\\x00\\x8b\\xfa\\x8b\\xc1\\x89E\\xd0\\x89E\\xd4\\x8bu\\x08\\xb9&\\x18"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "M\\xd0\\xe8\\xcf\\xea\\xf4\\xff\\x8b\\xc8\\x8dE\\xb8;\\xc8t\\x11\\x83}\\xcc\\x0f\\xffu\\xc8\\x0fGE\\xb8P\\xe8\\x15^\\xf4\\xff\\x8d\\x8dP\\xff\\xff\\xff\\xc6E\\xfc\\x04\\xe8\\x96\\xbe\\xf2\\xff\\x8b\\xb5l\\xff\\xff\\xff\\x8dM\\xd0\\x8b\\xd6\\xe8\\x06\\x19\\x00\\x00\\x8b>\\x8b\\x07\\x8b\\xb0d\\x01\\x00\\x00\\x8d\\x85P\\xff\\xff\\xffP\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x8d\\x8dP\\xff\\xff\\xff\\x8bp\\x10\\xe8[\\xbe\\xf2\\xff\\x85\\xf6\\x0f\\x84\\xb0\\x00\\x00\\x00\\x8b\\xbdl\\xff\\xff\\xff\\x8b?\\x8b\\x07\\x8b\\xb0d\\x01\\x00\\x00\\x8d\\x85,\\xff\\xff\\xffP\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcf\\xff\\xd6\\x8b\\xf0\\xc6E\\xfc\t\\x8d\\x8dP\\xff\\xff\\xffj\\x0c\\x0fW\\xc0\\xc7\\x85`\\xff\\xff\\xff\\x00\\x00\\x00\\x00h\\x90Y\\x1e\\x10\\x0f\\x11\\x85P\\xff\\xff\\xff\\xc7\\x85d\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xe8\\xca\\xbc\\xf2\\xff\\x8d\\x85P\\xff\\xff\\xff\\xc6E\\xfc\nP\\x8dM\\xd0\\xe8\\xf7\\xe9\\xf4\\xff\\x8b\\xf8;\\xfet(\\x8b\\xcf\\xe8\\xda\\xbd\\xf2\\xff\\x0f\\x10\\x06\\x0f\\x11\\x07\\xf3\\x0f~F\\x10f\\x0f\\xd6G\\x10\\xc7F\\x10\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-06-28 21:56:16,465",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "t)\\x8b3\\x8dE\\x08;\\xd8\\x0f\\x95\\xc0\\x8bv\\x10\\x8b\\xce\\x0f\\xb6\\xc0P\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcb\\xff\\xd6\\xeb\\x03\\x89Y$\\xc7E,\\x00\\x00\\x00\\x00\\x8dO0\\xe8\\xe3\\xc4\\xf4\\xff\\x8b],\\x85\\xdbt\\x1d\\x8b3\\x8dE\\x08;\\xd8\\x0f\\x95\\xc2\\x8bv\\x10\\x8b\\xce\\x0f\\xb6\\xd2R\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8b\\xcb\\xff\\xd6\\x8b\\xc7_^[]\\xc2(\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xecQV\\xb9&\\x18%\\x10\\xe8\\xae\\xdd\\x08\\x00\\x8bu\\x08\\x0fW\\xc0j\th\\xa8\\x8d\\x1e\\x10\\x8b\\xce\\x0f\\x11\\x06\\xc7F\\x10\\x00\\x00\\x00\\x00\\xc7F\\x14\\x00\\x00\\x00\\x00\\xe8\\xfc\\xbc\\xf1\\xff\\x8b\\xc6^\\x8b\\xe5]\\xc2\\x0c\\x00\\xcc\\xcc\\xccS\\x8b\\xdc\\x83\\xec\\x08\\x83\\xe4\\xf8\\x83\\xc4\\x04U\\x8bk\\x04\\x89l$\\x04\\x8b\\xecj\\xffh,\\x9b\\x1b\\x10d\\xa1\\x00\\x00\\x00\\x00PS\\x83\\xec`\\xa1\\x80\\xd1\"\\x103\\xc5\\x89E\\xecVWP\\x8dE\\xf4d\\xa3\\x00\\x00\\x00\\x00\\x8b\\xc1\\x89E\\xa0\\x89E\\x9c\\x8bs\\x08\\x89E\\x94\\x89u\\xa4\\xb9&\\x18%\\x10\\xc7E\\xfc\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1730
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\x83\\xec\\x0cSV\\x8b\\xd9\\x8b\\xf2W\\xb9\\xfb\\x14%\\x10\\x89]\\xfc\\xe8\\x03\\xde\\x07\\x00j\\x10\\xe8\\xd0\\xd2\\x07\\x00\\x8b\\x0e\\x8b\\xf8\\xc7\\x06\\x00\\x00\\x00\\x00\\x83\\xc4\\x04\\x89}\\xfc\\x89O\\x04\\x8bN\\x04\\x89O\\x08\\xe8!\\x1c\\xf2\\xff\\x8b\\xc8\\xbe\\x01\\x00\\x00\\x00\\xe8\\x95\\x02\\xf2\\xff\\xf0\\x0f\\xc10\\xc7G\\x0c\\x01\\x00\\x00\\x00\\x8b\\xc3\\x89;\\xc7\\x07\\xa8\\x9f\\x1e\\x10_^[\\x8b\\xe5]\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\x83\\xec\\x0cSV\\x8b\\xd9\\x8b\\xf2W\\xb9\\xfb\\x14%\\x10\\x89]\\xfc\\xe8\\x93\\xdd\\x07\\x00j\\x10\\xe8`\\xd2\\x07\\x00\\x8b\\x0e\\x8b\\xf8\\xc7\\x06\\x00\\x00\\x00\\x00\\x83\\xc4\\x04\\x89}\\xfc\\x89O\\x04\\x8bN\\x04\\x89O\\x08\\xe8\\xb1\\x1b\\xf2\\xff\\x8b\\xc8\\xbe\\x01\\x00\\x00\\x00\\xe8%\\x02\\xf2\\xff\\xf0\\x0f\\xc10\\xc7G\\x0c\\x01\\x00\\x00\\x00\\x8b\\xc3\\x89;\\xc7\\x07\\x94\\x9f\\x1e\\x10_^[\\x8b\\xe5]\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccV\\x8b\\xf1\\xb9\\xfb\\x14%\\x10\\xe80\\xdd\\x07\\x00\\xb9l\\x9f\\x1e\\x10\\xba\\x0c\\x00\\x00\\x00\\x8b\\x06;"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x04\\x89A\\x04\\xe8M\\x10\\x00\\x00V\\xbf\\x01\\x00\\x00\\x00\\xe8\\xbc\\xb6\\x06\\x00\\x83\\xc4\\x04\\x8b\\xc7_^[\\x8b\\xe5]\\xc2\\x04\\x00V3\\xff\\xe8\\xa6\\xb6\\x06\\x00\\x83\\xc4\\x04\\x8b\\xc7_^[\\x8b\\xe5]\\xc2\\x04\\x00j\\x05\\xe8(\\xb8\\x06\\x00Hj\\x06\\x89F,\\xe8\\x1d\\xb8\\x06\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xecQVW\\x8b\\xf9\\xb9&\\x18%\\x10\\xe8\\xbb\\xdd\\x06\\x00\\x8dwXV\\xe8N\\xb6\\x06\\x00\\x83\\xc4\\x04\\x85\\xc0\\x0f\\x85\\x92\\x00\\x00\\x00\\x8bF,=\\xff\\xff\\xff\\x7f\\x0f\\x84\\x8b\\x00\\x00\\x00\\x8b\\x8f\\x90\\x00\\x00\\x00S\\x8b\\x9f\\x90\\x00\\x00\\x00\\x81\\xc7\\x88\\x00\\x00\\x00\\x85\\xc9t[\\x8bG\\x1c\\xc1\\xe8\\x03;\\xc1v\\x1f\\x8bG\\x04\\x8b\\xcfP\\xff0\\xe8n\\x05\\x00\\x00V\\xe8\\x12\\xb6\\x06\\x00\\x83\\xc4\\x04\\x8b\\xc3[_^\\x8b\\xe5]\\xc3\\x8bW\\x04\\xe8\\x04\\x0f\\x00\\x00\\x8bG\\x04\\x89\\x00\\x8bG\\x04\\x89@\\x04\\xc7G\\x08\\x00\\x00\\x00\\x00\\x8bG\\x04\\x8bW\\x10\\x8bO\\x0c\\x89E\\xfc\\x8dE\\xfcP\\xe8\\x1d{\\xf2\\xff\\x83\\xc4\\x04V\\xe8\\xce\\xb5"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xff\\xff\\xe8n\\xb6\\xee\\xffj8\\xff\\xb5l\\xff\\xff\\xff\\xe8\\xd4\\xd2\\x05\\x00\\x83\\xc4\\x08\\xc6E\\xfc\\x08\\x8d\\x85\\xc4\\xfe\\xff\\xffh 0\\x00\\x10j\\x02j0P\\xe8\\xe8\\xd9\\x05\\x00\\x8d\\x8dL\\xff\\xff\\xff\\xe8\\x8a\\xbe\\xee\\xff\\x8dM\\xa0\\xe8\\x82\\xbe\\xee\\xff\\x8dM\\x88\\xe8z\\xbe\\xee\\xff\\xe9&\\x02\\x00\\x00\\x8bE\\xec\\x85\\xc0t\\x10QP\\x8dM\\xe0\\x0f\\xae\\xe8\\xe8al\\xf2\\xff\\x8bE\\xecj\\x02\\x8dM\\xec+\\xf7QP\\xffu\\xe0\\x8dE\\xc4VWP\\x8bE\\xb8\\xffp\\x04\\xff\\x15P\\xa4\\x1c\\x10\\x8b\\xf0\\x85\\xf6\\x0f\\x84\\xbe\\x01\\x00\\x00\\xff5 \\x98\\x1d\\x10\\x0fW\\xc0\\xc7E\\xb0\\x00\\x00\\x00\\x00\\xff5\\x1c\\x98\\x1d\\x10\\x8dM\\xa0\\xc7E\\xb4\\x00\\x00\\x00\\x00\\x0f\\x11E\\xa0\\xe8\\xdd\\xbc\\xee\\xffQ\\x8dE\\xa0\\xc6E\\xfc\rP\\x8d\\x8d\\xc4\\xfe\\xff\\xff\\xe8i\\x1e\\x00\\x00\\xc6E\\xfc\\x0e\\x8dM\\x88\\xff5(\\x98\\x1d\\x10\\x0fW\\xc0\\xc7E\\x98\\x00\\x00\\x00\\x00\\xff5$\\x98\\x1d\\x10\\x0f\\x11E\\x88\\xc7E\\x9c\\x00\\x00\\x00\\x00\\xe8\\x9c\\xbc\\xee\\xff\\x8b\\xd6\\xc6E\\xfc\\x0f"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-06-28 21:56:16,480",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "E\\xfc\\x0f\\xe8~\\x07\\x00\\x00\\x8d\\x8dH\\xff\\xff\\xff\\xe8\\xb3\\xbe\\xed\\xff\\x8dM\\xd0\\xe8+u\\xee\\xff\\x8dM\\xe0\\xe8#u\\xee\\xff\\x8aE\\xcf\\x8bM\\xf4d\\x89\r\\x00\\x00\\x00\\x00Y_^\\x8bM\\xf03\\xcd\\xe8x\\xd2\\x04\\x00\\x8b\\xe5]\\xc2\\x04\\x00jx\\xe8\\xad\\xd2\\x04\\x00\\x8b\\xf0\\x89u\\xb8\\x8b\\xce\\xc7E\\xfc\\x02\\x00\\x00\\x00\\xe8i'\\xf1\\xffh\\xfc\\xdd\\x1e\\x10j\\x00h\\xc5\\x16=\\x1e\\x8b\\xce\\xe8&\\xa9\\xf2\\xffP\\x8dM\\x90\\xc7E\\xfc\\xff\\xff\\xff\\xff\\xe8\\xf6E\\xf1\\xffh\\xdc\\x86\"\\x10\\x8dE\\x90P\\xe8(\\xf3\\x04\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xecj\\xffh\\xec\\x10\\x1c\\x10d\\xa1\\x00\\x00\\x00\\x00P\\x81\\xec\\xac\\x00\\x00\\x00\\xa1\\x80\\xd1\"\\x103\\xc5\\x89E\\xf0VWP\\x8dE\\xf4d\\xa3\\x00\\x00\\x00\\x00\\x8b\\xf9\\x89}\\xc4\\x8bu\\x08\\xb9&\\x18%\\x10\\x89u\\xc8\\xc7E\\x94\\x00\\x00\\x00\\x00\\xe8D\\xdd\\x04\\x00\\x8b\\xce\\xe8`\\xc2\\xed\\xff\\x84\\xc0t hP\\xde\\x1e\\x10h\\\\xdf\\x1e\\x10h\\xcb\\x01\\x00\\x00j\\x01\\xe8FG\\xef\\xff"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x9c\\xfe\\xff\\xff\\x00\\x00\\x00\\x00\\xe8\\x89\\xbd\\xec\\xff\\xc6E\\xfc4\\x8d\\x8d\\xf4\\xfe\\xff\\xffj\\x12\\x0fW\\xc0\\xc7\\x85\\x04\\xff\\xff\\xff\\x00\\x00\\x00\\x00h\\xcc\\xf3\\x1e\\x10\\x0f\\x11\\x85\\xf4\\xfe\\xff\\xff\\xc7\\x85\\x08\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xe8U\\xbd\\xec\\xff\\x8d\\x85\\x88\\xfe\\xff\\xff\\xc6E\\xfc5PV\\x8d\\x95\\xf4\\xfe\\xff\\xff\\x8d\\x8d\\xf4\\xfd\\xff\\xff\\xe8X\\xcf\\xff\\xff\\x83\\xc4\\x08\\xc6E\\xfc6\\x83x\\x14\\x0f\\x8bH\\x10v\\x02\\x8b\\x00Q\\x8b\\x8d\\x0c\\xff\\xff\\xffP\\xe8\\xb9\\xdb\\xec\\xff\\x8dM\\xd0;\\xc8t\\x15\\x83x\\x14\\x0f\\x8bH\\x10v\\x02\\x8b\\x00QP\\x8dM\\xd0\\xe8\\x9d]\\xee\\xff\\x8d\\x8d\\xf4\\xfd\\xff\\xff\\xe8\"\\xbe\\xec\\xff\\x8d\\x8d\\xf4\\xfe\\xff\\xff\\xe8\\x17\\xbe\\xec\\xff\\x8d\\x8d\\x88\\xfe\\xff\\xff\\xe8\\x0c\\xbe\\xec\\xff\\x8d\\x8d\\x94\\xfd\\xff\\xff\\xe8\\x01\\xbe\\xec\\xff\\x8d\\x8dp\\xfe\\xff\\xff\\xe8\\xf6\\xbd\\xec\\xff\\x8d\\x8d\\xa0\\xfe\\xff\\xff\\xe8\\xeb\\xbd\\xec\\xff\\x8d\\x8d\\xac\\xfd\\xff\\xff\\xe8\\xe0\\xbd\\xec\\xff\\x8d\\x8d\\xb8\\xfe\\xff\\xff\\xe8\\xd5\\xbd\\xec\\xff\\x8d\\x8d\\xd0\\xfe\\xff\\xff\\xc6E\\xfc\\x1c\\xe8\\xc6\\xbd\\xec\\xff"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x8bM\\xb8\\x85\\xc9\\x0f\\x84\\xa4\\x01\\x00\\x00\\x83}\\xbc\\x07\\x8d\\x0cM\\x02\\x00\\x00\\x00Q\\x8dE\\xa8\\x0fGE\\xa8Pj\\x01j\\x00j\\x00\\xffu\\xe0\\xff\\x15$\\xa0\\x1c\\x10\\x8b\\xc8\\xe8!\\x02\\x00\\x00j\nh\\xb4%\\x1f\\x10j\\x01j\\x00h0&\\x1f\\x10\\xffu\\xe0\\xff\\x15$\\xa0\\x1c\\x10\\x8b\\xc8\\xe8\\x01\\x02\\x00\\x00\\xc7E\\xe8\\x00\\x00\\x00\\x00\\xc6E\\xfc\\x05\\x8dM\\x90\\xff5@'\\x1f\\x10\\xff5<'\\x1f\\x10\\x83\\xec\\x08\\x8b\\xc4\\xc7\\x00P&\\x1f\\x10\\xc7@\\x04\\x17\\x00\\x00\\x00\\xe8\\x10\r\\xef\\xff\\x83\\xc4\\x10\\xc6E\\xfc\\x06\\x8bE\\xe8\\x85\\xc0t\\x0eP\\xff\\x15\\x14\\xa0\\x1c\\x10\\xc7E\\xe8\\x00\\x00\\x00\\x00\\x83}\\xa4\\x07\\x8dM\\xe8j\\x00Qj\\x00h?\\x00\\x0f\\x00j\\x01j\\x00\\x8dE\\x90\\x0fGE\\x90j\\x00Ph\\x02\\x00\\x00\\x80\\xff\\x15\\x00\\xa0\\x1c\\x10\\x8b\\xc8\\xe8\\x83\\x01\\x00\\x00j\\x04\\x8dE\\xc0\\xc7E\\xc0\\x01\\x00\\x00\\x00Pj\\x04j\\x00h\\xf0%\\x1f\\x10\\xffu\\xe8\\xff\\x15$\\xa0\\x1c\\x10\\x8b\\xc8\\xe8]\\x01\\x00\\x00j\\x04\\x8dE\\xdc\\xc7E"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\xb94\\x18%\\x10\\xe8\\x10\\xde\\x01\\x00\\x8bM\\x08\\x8bE\\x0cj\\xff\\x89\\x81\\x94\\x00\\x00\\x00\\x83\\xc1\\xb4\\xe8]\\xf8\\xff\\xff3\\xc0]\\xc2\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\xb94\\x18%\\x10\\xe8\\xe0\\xdd\\x01\\x00\\x8bM\\x0c\\x85\\xc9u\t\\xb8\\x03@\\x00\\x80]\\xc2\\x08\\x00\\x8bE\\x08\\x8b\\x80\\x94\\x00\\x00\\x00\\x89\\x013\\xc0]\\xc2\\x08\\x00\\xcc\\xccU\\x8b\\xec\\xb94\\x18%\\x10\\xe8\\xb0\\xdd\\x01\\x00\\x8bM\\x08\\x8bE\\x0c\\x89\\x81\\x98\\x00\\x00\\x003\\xc0]\\xc2\\x08\\x00\\xccU\\x8b\\xec\\xb94\\x18%\\x10\\xe8\\x90\\xdd\\x01\\x00\\x8bM\\x0c\\x85\\xc9u\t\\xb8\\x03@\\x00\\x80]\\xc2\\x08\\x00\\x8bE\\x08\\x8b\\x80\\x98\\x00\\x00\\x00\\x89\\x013\\xc0]\\xc2\\x08\\x00\\xcc\\xccU\\x8b\\xec\\xb94\\x18%\\x10\\xe8`\\xdd\\x01\\x00\\x8bU\\x08\\x0f\\xbfM\\x0c\\xc1\\xe1\\x053J|\\x83\\xe1 1J|3\\xc0]\\xc2\\x08\\x00\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\xb94\\x18%\\x10\\xe80\\xdd\\x01\\x00\\x8bM\\x0c\\x85\\xc9u\t\\xb8\\x03@\\x00\\x80]"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "E\\xd4\\xc7E\\xfc\\xff\\xff\\xff\\xff\\x85\\xc9t/\\x8b\\x01\\x8bp\\x08\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8bM\\xcc\\xff\\xd6\\x89E\\xd0\\x85\\xc0t\\x13\\x8b\\x00j\\x01\\x8b0\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8bM\\xd0\\xff\\xd6\\x8bE\\xd4\\x8b\\x00\\x8bp\\x14\\x8dE\\xd8P\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8bM\\xd4\\xff\\xd6\\x83}\\xe8\\x00\\xc7E\\xfc\\x01\\x00\\x00\\x00u\\x042\\xc0\\xeb\\x15\\x8bE\\xd4\\x8b\\x00\\x8bp\\x10\\x8b\\xce\\xff\\x15\\xac\\xa4\\x1c\\x10\\x8bM\\xd4\\xff\\xd6\\x0fW\\xc0\\x0f\\x11\\x07\\xc7G\\x10\\x00\\x00\\x00\\x00\\x0f\\x10E\\xd8\\xc7G\\x14\\x00\\x00\\x00\\x00\\x0f\\x11\\x07\\xf3\\x0f~E\\xe8f\\x0f\\xd6G\\x10\\x88G\\x18\\x8b\\xc7\\x8bM\\xf4d\\x89\r\\x00\\x00\\x00\\x00Y_^\\x8bM\\xf03\\xcd\\xe8\\xfc\\xd1\\x00\\x00\\x8b\\xe5]\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xccU\\x8b\\xec\\x83\\xec,SVW\\xb9~\\xe0$\\x10\\xe8J\\xdd\\x00\\x00\\x8dE\\x08P\\xe8d\\xbc\\xff\\xff\\x8b\\xd8\\x83\\xc4\\x04\\xc1\\xe8\\x17\\x81\\xe3\\xff\\xff\\x7f\\x00\\x0f\\xb6\\xc0\\x89E\\xf4\\x85\\xc0\\x0f\\x84&\\x01\\x00\\x00\\x8d\\x88"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "E\\xff\\xff\\xff\\xff\\x85\\xc9\\x0f\\x85\\xfe\\x04\\x00\\x00\\x8bF\\x1c;B\\x1c\\x0f\\x84\\x87\\x00\\x00\\x00\\x0f\\xb6\\xc8\\x0f\\xb6B\\x1c+\\xc8t\\x0e3\\xc0\\x85\\xc9\\x0f\\x9f\\xc0\\x8d\\x0cE\\xff\\xff\\xff\\xff\\x85\\xc9\\x0f\\x85\\xd1\\x04\\x00\\x00\\x0f\\xb6N\\x1d\\x0f\\xb6B\\x1d+\\xc8t\\x0e3\\xc0\\x85\\xc9\\x0f\\x9f\\xc0\\x8d\\x0cE\\xff\\xff\\xff\\xff\\x85\\xc9\\x0f\\x85\\xaf\\x04\\x00\\x00\\x0f\\xb6N\\x1e\\x0f\\xb6B\\x1e+\\xc8t\\x0e3\\xc0\\x85\\xc9\\x0f\\x9f\\xc0\\x8d\\x0cE\\xff\\xff\\xff\\xff\\x85\\xc9\\x0f\\x85\\x8d\\x04\\x00\\x00\\x0f\\xb6N\\x1f\\x0f\\xb6B\\x1f+\\xc8t\\x0e3\\xc0\\x85\\xc9\\x0f\\x9f\\xc0\\x8d\\x0cE\\xff\\xff\\xff\\xff\\x85\\xc9\\x0f\\x85k\\x04\\x00\\x00\\x03\\xf3\\x03\\xd3+\\xfb;\\xfb\\x0f\\x83\\\\xfb\\xff\\xff\\x03\\xf7\\x03\\xd7\\xff$\\xbd\\x06\\x89\\x17\\x10\\x8bF\\xe4;B\\xe4\\x0f\\x84\\x94\\x00\\x00\\x00\\x0f\\xae\\xe8\\x0f\\xb6B\\xe4\\x0f\\xb6N\\xe4+\\xc8t\\x0e3\\xc0\\x85\\xc9\\x0f\\x9f\\xc0\\x8d\\x0cE\\xff\\xff\\xff\\xff\\x85\\xc9\\x0f\\x85!\\x04\\x00\\x00\\x0f\\xae\\xe8\\x0f\\xb6N\\xe5\\x0f\\xb6B\\xe5+\\xc8t\\x0e3\\xc0\\x85\\xc9\\x0f\\x9f\\xc0"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x83\\xc8\\xff]\\xc3\\x8b\\xffU\\x8b\\xec\\x8bM\\x08\\x83\\xf9\\xfeu\r\\xe8\\xd1m\\xff\\xff\\xc7\\x00\t\\x00\\x00\\x00\\xeb8\\x85\\xc9x$;\r\\xa0\\xd5$\\x10s\\x1c\\x8b\\xc1\\x83\\xe1?\\xc1\\xe8\\x06k\\xc98\\x8b\\x04\\x85\\xa0\\xd3$\\x10\\x0f\\xb6D\\x08(\\x83\\xe0@]\\xc3\\xe8\\x9cm\\xff\\xff\\xc7\\x00\t\\x00\\x00\\x00\\xe8~*\\xff\\xff3\\xc0]\\xc3\\x8b\\xffU\\x8b\\xec\\x8dE\\x08P\\xe8\\xddU\\x00\\x00Y]\\xc3\\x8b\\xffU\\x8b\\xec\\x8dE\\x08P\\xe8\\x1aV\\x00\\x00Y]\\xc3j\\x0chH\\x81\"\\x10\\xe8=\\xe5\\xfe\\xff\\x83e\\xe4\\x00\\x8bE\\x08\\xff0\\xe8\\xc0\\x02\\x00\\x00Y\\x83e\\xfc\\x00\\x8bM\\x0c\\xe84\\x00\\x00\\x00\\x8b\\xf0\\x89u\\xe4\\xc7E\\xfc\\xfe\\xff\\xff\\xff\\xe8\\x17\\x00\\x00\\x00\\x8b\\xc6\\x8bM\\xf0d\\x89\r\\x00\\x00\\x00\\x00Y_^[\\xc9\\xc2\\x0c\\x00\\x8bu\\xe4\\x8bE\\x10\\xff0\\xe8\\xd1\\x02\\x00\\x00Y\\xc3\\x8b\\xffU\\x8b\\xec\\x83\\xec\\x10SV\\x8b\\xf1W\\x8bF\\x04\\xff0\\x8b\\x06\\xff0\\xe8D\\x01\\x00\\x00\\x8b\\xf8YY\\x85\\xfftC\\xe8\\xbb\\x1e\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x0b\\xca\\x89E\\xfc\\x89M\\xe0\\xd9e\\xe0\\xffu\\x08\\xe8\\x02\\xfd\\xff\\xff\\x83=\\xb0\\xcb$\\x10\\x01Y\\x0f\\xb7\\xd0_|%\\x81\\xe2\\xc0\\xff\\x00\\x00\\x0f\\xb7\\xc2\\x89E\\xfc\\x0f\\xae]\\xfc\\x8bM\\xfc\\x81\\xe1?\\x00\\xff\\xff\\x0f\\xb7\\xc2\\x0b\\xc8\\x89M\\xfc\\x0f\\xaeU\\xfc\\xc9\\xc3\\x8b\\xffU\\x8b\\xec\\x83\\xec V\\x8bu\\x08\\x8b\\xce\\xc1\\xe9\\x10\\x83\\xe1?\\x8b\\xd1\\x8b\\xc1\\x83\\xe2\\x01\\xf7\\xdaW\\x1b\\xd2\\x8d}\\xe0\\x83\\xe0\\x02\\x83\\xe2 \\xf7\\xd8j\\x00\\x1b\\xc0\\x83\\xe0\\x10\\x0b\\xd0\\x8b\\xc1\\x83\\xe0\\x04\\xf7\\xd8\\x1b\\xc0\\x83\\xe0\\x08\\x0b\\xd0\\x8b\\xc1\\x83\\xe0\\x08\\xf7\\xd8\\x1b\\xc0\\x83\\xe0\\x04\\x0b\\xd0\\xf7\\xc1\\x10\\x00\\x00\\x00X\\x0f\\x95\\xc0\\x83\\xe1 \\x0b\\xd0\\xf7\\xd9j\\x07\\x1b\\xc93\\xc0\\x83\\xe1\\x02\\x0b\\xd1Y\\xf3\\xab\\xd9u\\xe0\\x8bE\\xe4\\x83\\xe2?\\x83\\xe0\\xc0\\x0b\\xc2\\x89E\\xe4\\xd9e\\xe0\\xc1\\xee\\x18\\x83\\xe6?\\x8b\\xce\\x8b\\xc6\\x83\\xe1\\x01\\xf7\\xd9j\\x00\\x1b\\xc9\\x83\\xe0\\x02\\x83\\xe1 \\xf7\\xd8\\x1b\\xc0\\x83\\xe0\\x10\\x0b\\xc8\\x8b\\xc6\\x83\\xe0\\x04\\xf7\\xd8\\x1b\\xc0\\x83\\xe0\\x08\\x0b\\xc8\\x8b\\xc6\\x83\\xe0\\x08"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xb1\\xd2\\xfc\\xff\\xb8\\xf8\\xaf \\x10\\xe9`\\xef\\xfc\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8dM\\xc4\\xe9\\xa8\\xfb\\xe8\\xff\\x8dM\\xcc\\xe9p\\x00\\xe9\\xff\\x8dM\\xdc\\xe9\\xc8\\x01\\xe9\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8bJ\\xc03\\xc8\\xe8o\\xd2\\xfc\\xff\\xb8,\\xb0 \\x10\\xe9\\x1e\\xef\\xfc\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8dM\\xcc\\xe9\\x88\\x00\\xe9\\xff\\x8dM\\xe4\\xe9\\xa0\\x90\\xe7\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8bJ\\xc43\\xc8\\xe87\\xd2\\xfc\\xff\\xb8h\\xb0 \\x10\\xe9\\xe6\\xee\\xfc\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8bM\\xd8\\xe9\\x18\\xd8\\xe8\\xff\\x8bM\\xd8\\x83\\xc1\\x08\\xe9\\xbd\\xb3\\xe5\\xff\\x8bM\\xd8\\x83\\xc1\\x14\\xe9r\\xbe\\xe5\\xff\\x8bM\\xd8\\x83\\xc1,\\xe9g\\xbe\\xe5\\xff\\x8bM\\xd8\\x83\\xc1D\\xe9\\\\xbe\\xe5\\xff\\x8bM\\xd8\\x83\\xc1\\\\xe9Q\\xbe\\xe5\\xff\\x8bM\\xd8\\x83\\xc1t\\xe9F\\xbe\\xe5\\xff\\x8bM\\xd8\\x81\\xc1\\x8c\\x00\\x00\\x00\\xe98\\xbe\\xe5\\xff\\x8bM\\xd8\\x81\\xc1\\xa8\\x00\\x00\\x00\\xe9*\\xbe\\xe5\\xff\\x8bM\\xd8\\x81"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x10j\\x02j\\x18\\x8d\\x85\\xcc\\xfe\\xff\\xffP\\xe8\\x08\\xda\\xfb\\xff\\xc3\\x8dM\\xa4\\xe9,u\\xe5\\xff\\x8b\\x85`\\xff\\xff\\xff\\x83\\xe0\\x01\\x0f\\x84\\x12\\x00\\x00\\x00\\x83\\xa5`\\xff\\xff\\xff\\xfe\\x8b\\x8d\\xfc\\xfe\\xff\\xff\\xe9k\\x8e\\xe6\\xff\\xc3jx\\x8b\\x85x\\xff\\xff\\xffP\\xe8\\x9f\\xd2\\xfb\\xff\\x83\\xc4\\x08\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8b\\x8a\\xcc\\xfe\\xff\\xff3\\xc8\\xe8L\\xd2\\xfb\\xff\\x8bJ\\xfc3\\xc8\\xe8B\\xd2\\xfb\\xff\\xb80\\x93!\\x10\\xe9\\xf1\\xee\\xfb\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8dM\\xe0\\xe9xZ\\xe6\\xff\\x8dM\\xe8\\xe9\\xd0\\xb3\\xe4\\xff\\x8dM\\xa0\\xe9\\xc8\\xb3\\xe4\\xff\\x8d\\x8dl\\xff\\xff\\xff\\xe9}\\xbe\\xe4\\xff\\x8dM\\xc8\\xe9u\\xbe\\xe4\\xff\\x8dM\\x84\\xe9m\\xbe\\xe4\\xff\\x8d\\x8dl\\xff\\xff\\xff\\xe9b\\xbe\\xe4\\xff\\x8dM\\xa0\\xe9\\x9a\\xb3\\xe4\\xffjx\\x8bE\\xbcP\\xe8\\x12\\xd2\\xfb\\xff\\x83\\xc4\\x08\\xc3\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8b\\x8al\\xff\\xff\\xff3\\xc8\\xe8\\xbf\\xd1\\xfb\\xff\\x8bJ\\xfc3\\xc8\\xe8\\xb5\\xd1\\xfb\\xff"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xb8,s\"\\x10\\xe9d\\xef\\xfa\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8d\\x8d\\xe8\\xfd\\xff\\xff\\xe9\\xe5k\\xfa\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8b\\x8a\\xe4\\xfd\\xff\\xff3\\xc8\\xe8y\\xd2\\xfa\\xff\\x8bJ\\xfc3\\xc8\\xe8o\\xd2\\xfa\\xff\\xb8Xs\"\\x10\\xe9\\x1e\\xef\\xfa\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8dM\\xe8\\xe9\\xb8)\\xe6\\xff\\x8dM\\x98\\xe9\\x90l\\xfa\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8bJ\\x983\\xc8\\xe87\\xd2\\xfa\\xff\\xb8\\xecs\"\\x10\\xe9\\xe6\\xee\\xfa\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8bJ\\xf43\\xc8\\xe8\\x0c\\xd2\\xfa\\xff\\xb8lx\"\\x10\\xe9\\xbb\\xee\\xfa\\xff\\xcc\\xcc\\xcc\\x8bM\\xf0\\xe9\\x88\\xbe\\xe3\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8bJ\\xf43\\xc8\\xe8\\xdf\\xd1\\xfa\\xff\\xb8\\xa8y\"\\x10\\xe9\\x8e\\xee\\xfa\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\xcc\\x8bM\\xf0\\xe9X\\xbe\\xe3\\xff\\xcc\\xcc\\xcc\\xcc\\xcc\\x90\\x90\\x8bT$\\x08\\x8dB\\x0c\\x8bJ\\xf83"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": " \\x00E\\x00r\\x00r\\x00o\\x00r\\x00\\x00\\x00LR\\x1f\\x10 [\\x00\\x10\\x00e\\x00\\x10`R\\x1f\\x10`X\\x00\\x10\\x90X\\x00\\x10\\xa0Y\\x00\\x10\\xc0Y\\x00\\x10\\xf0Y\\x00\\x10\\x10Z\\x00\\x10@Z\\x00\\x10`Z\\x00\\x10\\x80Z\\x00\\x10\\xa0Z\\x00\\x10\\xc0Z\\x00\\x10\\xa0T\\x00\\x10\\xe0Z\\x00\\x10\\x10[\\x00\\x10\\x00\\x00\\x00\\x00AuthenticationEventSink threw a std exception: %s\\x00\\x00\\x00operator ()\\x00AuthenticationEventSink threw an unknown exception\\x00\\x00SignOutEventSink threw a std exception: %s\\x00\\x00SignOu"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "s:oauth:grant-type:saml1_1-bearer\\x00Attempt to Base64RFCEncode string '%s' failed.\\x00\\x00\\x00\\x00\\x00\\x00GetAccessTokenFromSamlGrant returned unknown saml assertion type: '%d'\\x00\\x00haschrome\\x00\\x00\\x00authorization_code\\x00\\x00Successfully created embedded browser\\x00\\x00\\x00S256\\x00\\x00\\x00\\x00brk_client_id\\x00\\x00\\x00Ru"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "4660",
            "caller": "0x00c9c92d",
            "parentcaller": "0x00cb41b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-06-28 21:56:16,496",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00@\\x00\\x00\\x00\\xf0\\x85\\x1f\\x10\\x80U#\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\xe0\\x85\\x1f\\x10\\x0cV#\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\xf0\\x85\\x1f\\x10DV#\\x10\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x86\\x1f\\x10pV#\\x10\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x10\\x86\\x1f\\x108W#\\x10\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00 \\x86\\x1f\\x10\\xd0Z#\\x10\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00p\\x86\\x1f\\x10h\\#\\x10\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x90\\x86\\x1f\\x10\\x90[#\\x10\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x80\\x86\\x1f\\x10\\x08Z#\\x10\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xe0B\\x1a\\x10\\x00\\x00\\x00\\x00\\xe8B\\x1a\\x10\"\\x05\\x93\\x19\\x06\\x00\\x00\\x00\\x18\\x82 \\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff C\\x1a\\x10\\x00\\x00\\x00\\x00BC\\x1a\\x10\\x01\\x00\\x00\\x00MC\\x1a\\x10\\x02\\x00\\x00\\x00XC\\x1a\\x10\\x01\\x00\\x00\\x00cC\\x1a\\x10\\x00\\x00\\x00\\x00cC\\x1a\\x10\"\\x05\\x93\\x19\\x01\\x00\\x00\\x00l\\x82 \\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\xff\\xff\\xff\\xff0g\\x17\\x10\"\\x05\\x93\\x19\\x07\\x00\\x00\\x00\\x98\\x82 \\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xe0C\\x1a\\x10\\x00\\x00\\x00\\x00\\x10D\\x1a\\x10\\x00\\x00\\x00\\x00\\x08D\\x1a\\x10\\x00\\x00\\x00\\x00\\xe8C\\x1a\\x10\\x00\\x00\\x00\\x00\\xf0C\\x1a\\x10\\x04\\x00\\x00\\x00\\xf8C\\x1a\\x10\\x05\\x00\\x00\\x00\\x00D\\x1a\\x10\"\\x05\\x93\\x19\\x05\\x00\\x00\\x00\\xf4\\x82"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00@^\\x1b\\x10\\x06\\x00\\x00\\x00H^\\x1b\\x10\\x07\\x00\\x00\\x00P^\\x1b\\x10\\x06\\x00\\x00\\x00X^\\x1b\\x10\\x06\\x00\\x00\\x00c^\\x1b\\x10\n\\x00\\x00\\x00k^\\x1b\\x10\"\\x05\\x93\\x19\t\\x00\\x00\\x000\\x82!\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xb0^\\x1b\\x10\\x00\\x00\\x00\\x00\\xb8^\\x1b\\x10\\x01\\x00\\x00\\x00\\xc0^\\x1b\\x10\\x01\\x00\\x00\\x00\\xc8^\\x1b\\x10\\x01\\x00\\x00\\x00\\xd0^\\x1b\\x10\\x01\\x00\\x00\\x00\\xd8^\\x1b\\x10\\x01\\x00\\x00\\x00\\xe0^\\x1b\\x10\\x01\\x00\\x00\\x00\\xe8^\\x1b\\x10\\x01\\x00\\x00\\x00\\xf0^\\x1b\\x10\"\\x05\\x93\\x19\\x12\\x00\\x00\\x00\\xa0\\x82!\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff0_\\x1b\\x10\\x00\\x00\\x00\\x00;_\\x1b\\x10\\x01\\x00\\x00\\x00C_\\x1b\\x10\\x02\\x00\\x00\\x00N_\\x1b\\x10\\x03\\x00\\x00\\x00V_\\x1b\\x10\\x03\\x00\\x00\\x00a_\\x1b\\x10\\x03\\x00\\x00\\x00l_\\x1b\\x10\\x03\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\xc4\\x81\"\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00f\\x8c\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x0b\\x8c\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd8\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00h\\x92\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd8\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x82\\x93\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd8\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd3\\x92\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd8\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00(\\x93\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xd4\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x87\\x99\\x18\\x10\\x00\\x00\\x00\\x00\\xfe\\xff"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "ccountProvider@Credentials@Security@78@@Z@X$$V@impl@winrt@@\\x00\\x00\\x00x\t\\x1d\\x10\\x00\\x00\\x00\\x00.?AV?$_Func_impl_no_alloc@V<lambda_1>@?1??LaunchAccountsControlFromDialogBox@AccountsControlHelper@Msai@@CA?AUfire_and_forget@winrt@@PAUHWND__@@ABV?$shared_ptr@VUri@Msai@@@std@@ABV?$basi"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00.?AVThreadImpl@Msai@@\\x00\\x00\\x00x\t\\x1d\\x10\\x00\\x00\\x00\\x00.?AVThread@Msai@@\\x00\\x00\\x00x\t\\x1d\\x10\\x00\\x00\\x00\\x00.?AU?$produce@Upromise_type@?$coroutine_traits@UIAsyncAction@Foundation@Windows@winrt@@AAUWebAccountProvider@Credentials@Security@34@@std@@UIAsyncInfo@Foundation@Windows@winrt@@@impl@winrt@@\\x00\\x00x\t"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xeb?\\x00`\r\\x00\\x94\\x00\\x00\\x00O0\\xae0\\xce041X1\\x891\\xad1\\xce1$2Y2\\xec2\\x103E3i3\\x8d3\\xab3\\xcc3\\xe93\\x9a4\\xc14\\x105)5F5X5t5\\xe05\\x126T6\\x067\\x18737\\x847\\xa37\\xd37\\xf17\\x158@8^8\\xd68\\x829\\xd89_:\\xcc:\\xe7:4;\\xa9;\\xc7;\\xf2;\\x10<+<v<\\xa3<\\xdf<8=\\x01>\\x1a>3>t>\\x92>\\xc6>\\xe3>\\x10?3?<?g?\\x8b?\\xa6?\\xb8?\\xd6?\\x00\\x00\\x00p\r\\x00\\x8c\\x00\\x00\\x00g0\\xcd0\\xeb0\\x031}1\\xbc1\\xda1\\x0e2,2M2j2\\xaa2\\xca2\\xee2\\x123'3F3X3w3\\xc13)4A4w4\\x934\\xab4\\xe14\\x825\\xae5/6h6\\x8c6U7y7\\xf07\\x148~8\\xa1809Q9v9\\x889\\xa49\\xd59\\xed92:h:\\x8c:\\x05;);"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x04;\\x0c;\\x14;\\x1c;$;,;4;<;D;L;T;\\;d;l;t;|;\\x84;\\x8c;\\x94;\\x9c;\\xa4;\\xac;\\xb4;\\xbc;\\xc4;\\xcc;\\xd4;\\xdc;\\xe4;\\xec;\\xf4;\\xfc;\\x04<\\x0c<\\x14< <D<L<T<\\<d<l<t<|<\\x84<\\x8c<\\x94<\\x9c<\\xa4<\\xac<\\xb4<\\xc0<\\xe4<\\xec<\\xf4<\\xfc<\\x04=\\x0c=\\x14=\\x1c=$=,=8=\\=d=l=t=|=\\x84=\\x8c=\\x94=\\x9c=\\xa4=\\xac=\\xb4=\\xbc=\\xc4=\\xcc=\\xd4=\\xdc=\\xe4=\\xec=\\xf4=\\xfc=\\x04>\\x0c>\\x14>\\x1c>$>,>4><>D>L>T>\\>d>l>t>|>\\x84>\\x8c>\\x94>\\x9c>\\xa4>\\xac>\\xb4>\\xc0>\\xe0>\\xe8>\\xf0>\\xf8>\\x00?\\x08?\\x10? ?D?L?T?\\?d?l?t?|?\\x84?\\x8c?\\x94?\\x9c?"
              },
              {
                "name": "Length",
                "value": "27206"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00i>b\\xa4\\xb6\\xda\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-06-28 21:56:16,511",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-06-28 21:56:16,527",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 1781
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "h\\x05\\x0b\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1788
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "h\\x05\\x0b\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "h\\x05\\x0b\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00p$?\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\xa4\n\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00B\\xc0\n\\x00\\x00 \\x00\\x00\\x00\\xe0\n\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x0b\\x00\\x00\\x02\\x00\\x00q$\\x0b\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "38330"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x11\\x12\\x00(\\xe7\\x00\\x00\n}&\\x06\\x00\\x04\\x12\\x00\\x02}(\\x06\\x00\\x04\\x12\\x00\\x03}'\\x06\\x00\\x04\\x12\\x00\\x04})\\x06\\x00\\x04\\x12\\x00\\x05}*\\x06\\x00\\x04\\x12\\x00\\x15}%\\x06\\x00\\x04\\x12\\x00|&\\x06\\x00\\x04\\x12\\x00(S\\x00\\x00+\\x12\\x00|&\\x06\\x00\\x04(\\xe9\\x00\\x00\n*n\\x02{\\xe1\\x00\\x00\\x04-\t\\x02\\x03\\x04(\\x95\\x03\\x00\\x06*\\x02\\x03n\\x04(x\\x02\\x00\\x06*j\\x02{\\xe1\\x00\\x00\\x04-\t\\x02\\x03\\x04(\\x96\\x03\\x00\\x06*\\x02\\x03\\x04(\\xd0\\x02\\x00\\x06*\\x86\\x0f\\x01(\\xa1\\x01\\x00\n,\\x10\\x02\\x0f\\x01(\\xa2\\x01\\x00\nn\\x04(x\\x02\\x00\\x06*\\x02\\x04(t\\x02\\x00\\x06*j\\x02{\\xe1\\x00\\x00\\x04-\t\\x02\\x03\\x04(e\\x03\\x00\\x06*\\x02\\x03\\x04(\\xd2\\x02\\x00\\x06*\\x00\\x130\\x02\\x00G\\x00\\x00\\x00\\x8b\\x00\\x00\\x11\\x12\\x00(\\xe7\\x00\\x00\n}\\xb8\\x05\\x00\\x04\\x12\\x00\\x02}\\xb9\\x05\\x00\\x04\\x12\\x00\\x03}\\xbb\\x05\\x00\\x04\\x12\\x00\\x04}\\xba\\x05\\x00\\x04\\x12\\x00\\x15}\\xb7\\x05\\x00\\x04\\x12\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x06\\x00\\x06-\\x07\\x02ok\\x03\\x00\n*r\\xefO\\x00p(\\x9f\\x00\\x00\n\\x02o\\xb3\\x04\\x00\n\\x02oc\\x03\\x00\n(\\xe4\\x05\\x00\\x06*\\x00\\x00\\x1b0\\x03\\x00\\xbe\\x00\\x00\\x00R\\x01\\x00\\x11\\x02\\x03o.\\x06\\x00\\x06%-\\x0br\\xffO\\x00ps8\\x01\\x00\\x06z\\x02oQ\\x06\\x00\\x06\n\\x03sb\\x07\\x00\\x06\\x0bo\\xb4\\x04\\x00\n\\x0c+O\\x12\\x02(\\xb5\\x04\\x00\n\r\\x02\t\\x04oS\\x06\\x00\\x06\\x13\\x04\\x11\\x04,9\\x06\\x13\\x05\\x16\\x13\\x06\\x11\\x05\\x12\\x06(\\xcf\\x03\\x00\n\\x11\\x04\\x06\\x11\\x04o#\\x07\\x00\\x06o\\x10\\x00\\x00\\x06o$\\x07\\x00\\x06\\xde\\x0c\\x11\\x06,\\x07\\x11\\x05(\\xd0\\x03\\x00\n\\xdc\\x07\\x11\\x04od\\x07\\x00\\x06\\x12\\x02(\\xb6\\x04\\x00\n-\\xa8\\xde\\x0e\\x12\\x02\\xfe\\x16\\x05\\x01\\x00\\x1bo\\x1b\\x00\\x00\n\\xdc\\x07~,\\x07\\x00\\x04%-\\x17&~&\\x07\\x00\\x04\\xfe\\x062\\x0f\\x00\\x06s\\xb7\\x04\\x00\n%\\x80,\\x07\\x00\\x04(\\xc0\\x00\\x00+(\\xc1\\x00\\x00+*\\x00\\x00\\x01\\x1c\\x00\\x00\\x02\\x00G\\x00\\x1ff"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "}\\x91\\x03\\x00\\x04*\\x1e\\x02{\\x92\\x03\\x00\\x04*\"\\x02\\x03}\\x92\\x03\\x00\\x04*\\x1e\\x02{\\x93\\x03\\x00\\x04*\"\\x02\\x03}\\x93\\x03\\x00\\x04*\\x1e\\x02(\\xbf\\x00\\x00\n*\\x1as\\xef\\x05\\x00\nz\\x00\\x00\\x00\\x130\\x04\\x00\\x12\\x00\\x00\\x00\\xfb\\x01\\x00\\x11\\x02\\x03\\x12\\x00\\xfe\\x15:\\x00\\x00\\x01\\x06\\x04o\\xd6\n\\x00\\x06*&\\x02\\x14\\x03(\\xd9\n\\x00\\x06*\\x130\\x02\\x00G\\x00\\x00\\x00\\xfc\\x01\\x00\\x11\\x12\\x00(\\x1a\\x06\\x00\n}\\x04\\x08\\x00\\x04\\x12\\x00\\x02}\\x05\\x08\\x00\\x04\\x12\\x00\\x03}\\x06\\x08\\x00\\x04\\x12\\x00\\x04}\\x07\\x08\\x00\\x04\\x12\\x00\\x15}\\x03\\x08\\x00\\x04\\x12\\x00|\\x04\\x08\\x00\\x04\\x12\\x00(\\x10\\x01\\x00+\\x12\\x00|\\x04\\x08\\x00\\x04(\\x1c\\x06\\x00\n*&\\x02\\x14\\x03(\\xdb\n\\x00\\x06*&\\x02\\x03\\x04(\\xd9\n\\x00\\x06*^~\\x94\\x03\\x00\\x04-\nsy\\x0b\\x00\\x06\\x80\\x94\\x03\\x00\\x04~\\x94\\x03\\x00\\x04*\\x1e\\x02{\\x95\\x03\\x00\\x04*\"\\x02\\x03}\\x95\\x03\\x00\\x04*\\x130\\x01\\x00\\x1d\\x00\\x00\\x00\\xfd\\x01\\x00\\x11\\x02("
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\xc2\\x02\\x00\\x009\\x03\\x00\\x00\\xcc\\x03\\x00\\x00?\\x04\\x00\\x00\\xe0\\x04\\x00\\x00W\\x05\\x00\\x00\\xd0\\x05\\x00\\x00X\\x06\\x00\\x00\\xcb\\x06\\x00\\x00B\\x07\\x00\\x00\\xb8\\x07\\x00\\x00\\xb0\\x08\\x00\\x00m\t\\x00\\x00\\x07{\\xcc\\x00\\x00\\x04\\x07{\\xce\\x00\\x00\\x04\\x93\r\t\\x1fNB\\x89\\x00\\x00\\x00\t\\x1f 50\t9\\xcf\\x00\\x00\\x00\t\\x1f\tYE\\x05\\x00\\x00\\x00\\xa6\\x08\\x00\\x00\\x9b\\x08\\x00\\x00\\xb9\\x08\\x00\\x00\\xb9\\x08\\x00\\x00&\\x08\\x00\\x00\t\\x1f ;\\x9e\\x08\\x00\\x008\\xac\\x08\\x00\\x00\t\\x1f/5:\t\\x1f\";4\\x01\\x00\\x00\t\\x1f'YE\t\\x00\\x00\\x00\\x07\\x01\\x00\\x00r\\x08\\x00\\x00\\xc2\\x07\\x00\\x00r\\x08\\x00\\x00r\\x08\\x00\\x00\\xb3\\x07\\x00\\x00\\xfe\\x04\\x00\\x00r\\x08\\x00\\x00q\\x06\\x00\\x008m\\x08\\x00\\x00\t\\x1fI;z\\x04\\x00\\x00\t\\x1fN;\\xfb\\x03\\x00\\x008X\\x08\\x00\\x00\t\\x1ff5\\x1d\t\\x1f[;S\\x07\\x00\\x00\t\\x1f];g\\x07\\x00\\x00\t\\x1ff;\\xbc\\x01\\x00\\x0086\\x08\\x00\\x00\t\\x1ft5\\x15\t\\x1fn;"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\xcd\\x00\\x7f\\x07\\x94\\x0f\\x03\\x01\\x10\\x00-\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\x87\\x07\\x96\\x0f\\x03\\x01\\x10\\x00\\x05\r\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\x8f\\x07\\x98\\x0f\\x03\\x01\\x10\\x00\\x9b$\\x00\\x00\\x00\\x00\\x00\\x00q\\x00\\x97\\x07\\x9a\\x0f\\x03\\x01\\x10\\x00\\xcb\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\xa0\\x07\\xa4\\x0f\\x03\\x01\\x10\\x00\\xec\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\xaa\\x07\\xa6\\x0f\\x03\\x00\\x10\\x00\r/\\x01\\x00\\x00\\x00\\x00\\x00f\\x00\\xb3\\x07\\xa8\\x0f\\x03\\x01\\x10\\x00a7\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\xb3\\x07\\xac\\x0f\\x03!\\x10\\x00\\xd8-\\x00\\x00\\x00\\x00\\x00\\x00q\\x00\\xbc\\x07\\xae\\x0f\\x03\\x01\\x10\\x00\\xe1\\x1f\\x00\\x00\\x00\\x00\\x00\\x00q\\x00\\xbe\\x07\\xb1\\x0f\\x03\\x01\\x10\\x00-\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\xc2\\x07\\xb8\\x0f\\x03\\x00\\x10\\x00\\x9c\\x1b\\x01\\x00\\x00\\x00\\x00\\x00q\\x00\\xca\\x07\\xba\\x0f\\x03\\x01\\x10\\x00\\xef \\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\xcb\\x07\\xc9\\x0f\\x03\\x01\\x10\\x00\\xe6\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\xcd\\x00\\xd3\\x07\\xcb\\x0f\\x03\\x01\\x10\\x00\\xda\\x0c\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-06-28 21:56:16,543",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-06-28 21:56:16,558",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x86\\x18]\\xe2\\x00\\x00\\x01\\x00\\xa8\\x0e(\\xda\\x02\\x00\\x00\\x00\\x86\\x08\\xc4\\xb2\\x00\\x00\\xff\\x9f\\xa8\\x0e0\\xda\\x02\\x00\\x00\\x00\\x86\\x18]\\xe2\\x00\\x00\\x05\\xa0\\xa8\\x0eJ\\xda\\x02\\x00\\x00\\x00\\x86\\x18]\\xe2\\x00\\x00\\xcd\\xa6\\xa9\\x0e\\\\xda\\x02\\x00\\x00\\x00\\xc6\\x00\\x069\\x00\\x00Z\\x00\\xab\\x0e\\xd4\\xda\\x02\\x00\\x00\\x00\\x81\\x00F\\xdb\\x00\\x00\\x89\\xa3\\xab\\x0e=\\xdb\\x02\\x00\\x00\\x00\\x81\\x00\\x05X\\x00\\x00Z\\x00\\xac\\x0eP\\xdb\\x02\\x00\\x00\\x00\\x81\\x00\\xe1\\xb1\\x00\\x000\\xab\\xac\\x0e\\xbc\\xdb\\x02\\x00\\x00\\x00\\x81\\x00\\xad\\xc4\\x00\\x00\\xb0\\xa4\\xad\\x0e\\xf4\\xdb\\x02\\x00\\x00\\x00\\x81\\x00\\x0fX\\x00\\x00\\xb0\\xa4\\xae\\x0e8\\xdc\\x02\\x00\\x00\\x00\\x81\\x00\\xa0\\xb2\\x00\\x00\\x05\\xa0\\xaf\\x0e9\\xde\\x02\\x00\\x00\\x00\\x81\\x00\\xa9\\xa0\\x00\\x00\\x984\\xb0\\x0eH\\xde\\x02\\x00\\x00\\x00\\xe1\\x01I\\xc3\\x00\\x00Z\\x00\\xb1\\x0et\\xde\\x02\\x00\\x00\\x00\\xe1\tO\\xc9\\x00\\x00c\\x03\\xb1\\x0e\\xa0\\xde\\x02\\x00\\x00\\x00\\xe1\t\\x82\\xbd\\x00\\x00c\\x03\\xb1\\x0e\\xcc\\xde\\x02\\x00\\x00\\x00\\xc6\\x08r\\xa4\\x00\\x00\\x07\\x02\\xb1\\x0eA\\xdf\\x02\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-06-28 21:56:16,558",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-06-28 21:56:16,558",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "c\\x039\\x01!\\x01\\x01\\x00c\\x03a\\x08\\xa3\\xe5\\x00\\x00;\\x199\\x01r\\xee\\x00\\x00c\\x03\\xbc\\x04R*\\x01\\x00[\\x19\\xbc\\x04\\x8c)\\x01\\x005\\x14\\xbc\\x04$*\\x01\\x00`\\x19\\xb9\\x08]\\xe2\\x00\\x00\\x01\\x00\\xc4\\x04\\xe1$\\x01\\x00t\\x01\\xbc\\x04v)\\x01\\x00u\\x19,\\x00\\xe1$\\x01\\x00t\\x01\\xc4\\x04\\xef\\x03\\x01\\x00\\x81\\x19,\\x00\\xef\\x03\\x01\\x00\\xcf\\x011\\x03\\xd9\\x90\\x00\\x00^\\x00,\\x00\\xd9\\x90\\x00\\x00t\\x01\\xc4\\x04\\xe5\\xef\\x00\\x00\\x90\\x19,\\x00\\xe5\\xef\\x00\\x00\\xd9\\x01\\xc4\\x04\\x91\\xae\\x00\\x00&\\x15,\\x00\\x91\\xae\\x00\\x00&\\x15,\\x00\"\\xaf\\x00\\x00\\x9e\\x114\\x00-:\\x00\\x00n\\x011\\x03\\x8a\\xc6\\x00\\x00\\x01\\x004\\x00\\x8a\\xc6\\x00\\x00\\x01\\x00Q\\x08\\x0b\\xfa\\x00\\x00\\xa4\\x194\\x00\\x0b\\xfa\\x00\\x00t\\x01A\\x03\\x17+\\x01\\x00\\xc7\\x19Q\\x03\\x81$\\x01\\x00p\\x00Q\\x03\\xed\\x8a\\x00\\x00p\\x00\\xcc\\x04]\\xe2\\x00\\x00\\x9e\\x114\\x00\\xfb\\xc2\\x00\\x00z\\x01\\xd4\\x04\\xb3\\x17\\x01\\x00c\\x034\\x00\\xb3\\x17\\x01\\x00c\\x031\\x03w(\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-06-28 21:56:16,558",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-06-28 21:56:16,558",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "=\\x004\\x01X\\x1c;\\x004\\x01Z\\x1c=\\x005\\x01\\\\x1c;\\x005\\x01^\\x1c=\\x006\\x01`\\x1c;\\x006\\x01b\\x1c=\\x007\\x01d\\x1c;\\x007\\x01f\\x1c=\\x008\\x01h\\x1c;\\x008\\x01j\\x1c=\\x009\\x01l\\x1c;\\x009\\x01n\\x1c=\\x00:\\x01p\\x1c;\\x00:\\x01r\\x1c=\\x00;\\x01t\\x1c;\\x00;\\x01v\\x1c=\\x00<\\x01x\\x1c;\\x00<\\x01z\\x1c=\\x00=\\x01|\\x1c;\\x00=\\x01~\\x1c=\\x00>\\x01\\x80\\x1c;\\x00>\\x01\\x82\\x1c=\\x00?\\x01\\x84\\x1c;\\x00?\\x01\\x86\\x1c=\\x00@\\x01\\x88\\x1c;\\x00@\\x01\\x8a\\x1c=\\x00A\\x01\\x8c\\x1c;\\x00A\\x01\\x8e\\x1c=\\x00B\\x01\\x90\\x1c;\\x00B\\x01\\x92\\x1c=\\x00C\\x01\\x94\\x1c;\\x00C\\x01\\x96\\x1c=\\x00D\\x01\\x98\\x1c;\\x00D\\x01\\x9a\\x1c=\\x00E\\x01\\x9c\\x1c;\\x00E\\x01\\x9e\\x1c=\\x00F\\x01\\xa0\\x1c;\\x00F\\x01\\xa2\\x1c=\\x00G\\x01\\xa4\\x1c;\\x00G\\x01\\xa6\\x1c=\\x00H\\x01\\xa8\\x1c;\\x00H\\x01\\xaa\\x1c=\\x00I\\x01"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-06-28 21:56:16,558",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "asDefaultConstructor\\x00GetDefaultConstructor\\x00defaultConstructor\\x00WriteStartConstructor\\x00constructor\\x00System.ComponentModel.ICustomTypeDescriptor.GetEditor\\x00Monitor\\x00NoThrowExpressionVisitor\\x00ICustomTypeDescriptor\\x00MemberDescriptor\\x00EventDescriptor\\x00JPropertyDescripto"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00 \\x00b\\x00i\\x00n\\x00a\\x00r\\x00y\\x00:\\x00 \\x00{\\x000\\x00}\\x00\\x00QU\\x00n\\x00e\\x00x\\x00p\\x00e\\x00c\\x00t\\x00e\\x00d\\x00 \\x00t\\x00o\\x00k\\x00e\\x00n\\x00 \\x00w\\x00h\\x00e\\x00n\\x00 \\x00r\\x00e\\x00a\\x00d\\x00i\\x00n\\x00g\\x00 \\x00b\\x00y\\x00t\\x00e\\x00s\\x00:\\x00 \\x00{\\x000\\x00}\\x00\\x007E\\x00x\\x00p\\x00e\\x00c\\x00t\\x00e\\x00d\\x00 \\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00b\\x00u\\x00t\\x00 \\x00g\\x00o\\x00t\\x00 \\x00{\\x000\\x00}\\x00.\\x00\\x00\\x80\\x81C\\x00u\\x00s\\x00t\\x00o\\x00m\\x00C\\x00r\\x00e\\x00a\\x00t\\x00i\\x00o\\x00n\\x00C\\x00o\\x00n\\x00v\\x00e\\x00r\\x00t\\x00e\\x00r\\x00 \\x00s\\x00h\\x00o\\x00u\\x00l\\x00d\\x00 \\x00o\\x00n\\x00l\\x00y\\x00 \\x00b\\x00e\\x00 \\x00u\\x00s\\x00e\\x00d\\x00 \\x00w\\x00"
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "Buffer",
                "value": ">d__50\\x00\\x006\\x01\\x001Newtonsoft.Json.Linq.JToken+<Annotations>d__185`1\\x00\\x004\\x01\\x00/Newtonsoft.Json.Linq.JToken+<Annotations>d__186\\x00\\x00G\\x01\\x00BNewtonsoft.Json.Linq.JsonPath.ArrayIndexFilter+<ExecuteFilter>d__4\\x00\\x00O\\x01\\x00JNewtonsoft.Json.Linq.JsonPath.ArrayMultipleIndexFilter+<ExecuteF"
              },
              {
                "name": "Length",
                "value": "28590"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00@d\\xb0\\x8f\\x10\\xdc\\x01\\x00@d\\xb0\\x8f\\x10\\xdc\\x01\\x00@d\\xb0\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "(7\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1824
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "(7\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "(7\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\x1a_\\xb7\\xf7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00\\x04\\x02\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00b\\x1d\\x02\\x00\\x00 \\x00\\x00\\x00@\\x02\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x02\\x00\\x00\\x02\\x00\\x00\\x9e \\x03\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "36946"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "Buffer",
                "value": "\n\\x0b8\\xa6\\x00\\x00\\x00\\x11\\x07\\x16/\\x05(8\\x01\\x00\\x06\\x11\\x06oI\\x01\\x00\n\\x11\\x05\t\\x03\\x11\\x07jY\\x17(J\\x01\\x00\n\n\\x12\\x00(G\\x01\\x00\n\\x13\t\\x12\\x00(\\xca\\x00\\x00\\x06\\x13\n\\x11\n\\x11\\x05.\\x17\\x11\nt=\\x00\\x00\\x1b\\x11\n\\x11\t\\x11\\x05\t\\x04(H\\x01\\x00\n\\x0b+W\t\\x11\tYj\\x04/\\x07\\x16j(J\\x01\\x00\\x06\\x12\\x01\\x11\n\\x11\t\\x04iX(\\xc9\\x00\\x00\\x06+8\t\\x08Yj\\x03/\\x07\\x15j(J\\x01\\x00\\x06\\x08\\x03iX\\x0c\\x12\\x00\\x11\\x04\\x08(\\xc9\\x00\\x00\\x06\t\\x08Yj\\x04/\\x07\\x16j(J\\x01\\x00\\x06\\x12\\x01\\x11\\x04\\x08\\x04iX(\\xc9\\x00\\x00\\x06\\x02\\x12\\x00\\x12\\x01(K\\x01\\x00\n*\\x00\\x00\\x130\\x05\\x00&\\x01\\x00\\x00V\\x00\\x00\\x11\\x03\\x16j/\\x06\\x03(J\\x01\\x00\\x06\\x0f\\x02(G\\x01\\x00\n\n\\x0f\\x02(\\xca\\x00\\x00\\x06\\x0b\\x02|A\\x01\\x00\n(G\\x01\\x00\n\\x0c\\x02|A\\x01\\x00\n(\\xca\\x00\\x00\\x06\r\\x02|B\\x01\\x00\n("
              },
              {
                "name": "Length",
                "value": "65536"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-06-28 21:56:16,574",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "Buffer",
                "value": "26964B0C6\\x0096E3FDE919EC36694EFBEC22FEF80F84EE640CC5E46CED07C3E65AC04607C7D6\\x00_b6\\x00Byte07\\x00_b17\\x00_b27\\x00_b37\\x00_b47\\x00_b7\\x00Byte08\\x00_b18\\x00__StaticArrayInitTypeSize=28\\x00_b28\\x00_b38\\x00__StaticArrayInitTypeSize=48\\x00_b48\\x008C7DD76CF6FAC1893ED057E9FC91B995F9379B69E0796CAB7DE38ADAE3D2C"
              },
              {
                "name": "Length",
                "value": "42710"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00L~|L5\\xdb\\x01\\x00L~|L5\\xdb\\x01\\x00L~|L5\\xdb\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000424"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-06-28 21:56:16,590",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18K\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1842
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18K\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18K\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xf4\\xcc3g\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\x18\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xde6\\x00\\x00\\x00 \\x00\\x00\\x00@\\x00\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x02\\x00\\x00\\x08\\xfb\\x00\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "19224"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xf2\\x1bzL5\\xdb\\x01\\x00\\xf2\\x1bzL5\\xdb\\x01\\x00\\xf2\\x1bzL5\\xdb\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000428"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-06-28 21:56:16,605",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "xa\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1855
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "xa\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "xa\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00a|C\\xd6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\" \\x0b\\x010\\x00\\x00.\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xb2M\\x00\\x00\\x00 \\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x02\\x00\\x00\\xfd\\xcf\\x00\\x00\\x03\\x00`\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "3602"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "Buffer",
                "value": ">\\x06\\x14\\x00\\x9b%\\x00\\x00\\x00\\x00\\x96\\x085\n>\\x06\\x16\\x00\\xaf%\\x00\\x00\\x00\\x00\\xc6\\x00\\xf6\\x01$\\x06\\x18\\x00\\xef%\\x00\\x00\\x00\\x00\\xc6\\x00\\xbb\\x08(\\x06\\x18\\x00\\x00&\\x00\\x00\\x00\\x00\\xc6\\x01\\xbb\\x08F\\x06\\x19\\x00Y&\\x00\\x00\\x00\\x00\\xc6\\x01\\x01\\x00L\\x06\\x1a\\x00a&\\x00\\x00\\x00\\x00\\x84\\x18\\xe0\\x07Q\\x06\\x1a\\x00\\x81&\\x00\\x00\\x00\\x00\\x86\\x00\\x83\tW\\x06\\x1b\\x00\\x8b&\\x00\\x00\\x00\\x00\\x91\\x18\\xe6\\x07j\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc6\\x05d\\x00]\\x06\\x1c\\x00\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xba\\x07\\x00\\x00\\x01\\x00\\xa7\t\\x00\\x00\\x02\\x00\\xac\t\\x00\\x00\\x01\\x00\\xa7\t\\x00\\x00\\x02\\x00\\xac\t\\x00\\x00\\x01\\x00C\\x06\\x00\\x00\\x01\\x00\\xc2\\x07\\x00\\x00\\x01\\x00f\\x06\\x00\\x00\\x01\\x00\\x0c\t\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xd4\\x05\\x00\\x00\\x01\\x00\\xba\\x07\\x00\\x00\\x01\\x00\\xa7\t\\x00\\x00\\x02\\x00\\xac\t"
              },
              {
                "name": "Length",
                "value": "21350"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xb9I\\x19\\x8c\\x10\\xdc\\x01\\x00\\xb9I\\x19\\x8c\\x10\\xdc\\x01\\x00\\xb9I\\x19\\x8c\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-06-28 21:56:16,621",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000418"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xef\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1871
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xef\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xef\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00>\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xbe\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00^\\xdd\\x00\\x00\\x00 \\x00\\x00\\x00\\xe0\\x00\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x01\\x00\\x00\\x02\\x00\\x00ya\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "44186"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "ichEditControl\\x03\\x04\\x00\\x00-\\x02\\x00\\x00\\x00\\x1f\\x0b\\x0b\\x00\\x04\\x00\\x03\\x04Name$\\x14\\x0b\\x00\\x0eWarningContent\\x99\\xfd$\n\\xd0\\xff\\x04Left=\\xff$\t\\xc8\\xff\\x03Top=\\xff$\\x12\\xcf\\xff\\x0c-4, 16, 0, 0q\\xfd\\x06\\x06\\x08\\x00.\\x00\\x00\\x06\\x06{\\xff.\\x00\\x01$\\x08\\xe4\\xff\\x0212(\\xff$\\x07\\xdc\\xff\\x011\\xc5\\xfe\\x1c\\\\x02\\x00XPresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35\\x1d-\\x05\\x00\\x02\\x00'System.Windows.Input.Keyboard"
              },
              {
                "name": "Length",
                "value": "17086"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-06-28 21:56:16,636",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1888
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00K\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc2\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xe1\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\xacF\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "48450"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "3856ad364e35\\x1d-\\x05\\x00\\x02\\x00'System.Windows.Input.KeyboardNavigation\\x1f\\x10\\x0c\\x00\\x05\\x00\\x00\tIsTabStop\\x06\\x06\\x0c\\x00.\\x00\\x00\\x1f\\x14\r\\x00\\x05\\x00\\x00\rTabNavigation$\\x0e\r\\x00\\x08Continue=\\xff\\x1f\\x0b\\x0e\\x00\\x04\\x00\\x00\\x04Text\\x07\\x0e\\x00\\x03\\xec\\xff\\x00*\\x10#!WelcomeViewModel.PrivacyStatement+\\x04\\x08\\x1f\\x17\\x0f\\x00\\x04\\x00\\x00\\x10HyperlinkCommand\\x07\\x0f\\x00\\x03\\xec\\xff\\x00*\\x10\\x12\\x10HyperlinkCommand+\\x04\\x08\\x04\\x03\\x04\\x00\\x00-\\x03\\x00\\x00\\x00$\\x14\n\\x00\\x0eLicenseCon"
              },
              {
                "name": "Length",
                "value": "14366"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-06-28 21:56:16,652",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000430"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1904
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00@\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xe3\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\x0fw\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "51170"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "l\\x00 \\x00S\\x00t\\x00u\\x00d\\x00i\\x00o\\x00-\\x00I\\x00n\\x00s\\x00t\\x00a\\x00l\\x00l\\x00e\\x00r\\x00\\x00\\x00@\\x00\\x10\\x00\\x01\\x00F\\x00i\\x00l\\x00e\\x00V\\x00e\\x00r\\x00s\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x003\\x00.\\x001\\x004\\x00.\\x002\\x000\\x008\\x006\\x00.\\x005\\x004\\x007\\x004\\x009\\x00\\x00\\x00h\\x00$\\x00\\x01\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00N\\x00a\\x00m\\x00e\\x00\\x00\\x00v\\x00s\\x00_\\x00s\\x00e\\x00t\\x00u\\x00p\\x00_\\x00b\\x00o\\x00o\\x00t\\x00s\\x00t\\x00r\\x00a\\x00p\\x00p\\x00e\\x00r\\x00.\\x00r\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x88\\x002\\x00\\x01\\x00L\\x00e\\x00g\\x00a\\x00l\\x00C\\x00o\\x00p\\x00y\\x00r\\x00i\\x00g\\x00h\\x00t\\x00\\x00\\x00\\xa9\\x00 \\x00M\\x00i\\x00c\\x00r\\x00o\\x00"
              },
              {
                "name": "Length",
                "value": "12158"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-06-28 21:56:16,668",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000041c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1921
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00C\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xde\\xe3\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\x8f\\xc5\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "53378"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "_k\\xce\\xc3\\x1f;\\xb83\\x9a\n\\xec\\x8a9\\x16b\\x87\\xd77\\xcd7\\xfeL\\xb0\\xb9A\\x82\\xf2\\x85S\\x01\\x9c5\\xc4\\x1c3\\xab\\xbd\\xac=\\xd84\\xb2\"\\xaa]\\x81\\x15\\xa9\\xb9\\xfc\\xea\\x0c\\\\xb5z\\x05c\\x92\\x85\\xd9\\x85\\xbf\\xbd\\xa5\\x9fayL\\xcd]5\\xe1:\\x85\\xf3{\\x18zc0\\x0b\\xe1\\xf9AZo\\x81sXP\\xc8D\\x9e\\x9cK\\xc1'9\\xd5\\xfbnn\\xde\\x1e\\xfb\\x8e8\\x0cQ\\x8e8\\xf9e\\xd0\\xe2\\xefju\\xd0\\xde\\xfdNRx\\x06\\x8aF\\xfb\\xe2nh\\xb8\\xcf\\xb4\\x11\\xa4\\xbb\\xd9\\xb2V\\xb4\\x08\\xf8\\x8ePl\\xf4\\xd0:9\\xb1\\xf9\\x02\\xd0L%\\xb1,\\xdf3\\x7f\\xbc\\x03\\xda\\xec\\xc8UN\\x81`\\xd5?;}\\xf0\\xe2O\\xd8J\\x1a\\x10\\xea\\xbc\\x18OF\n\\x83v\\x8b\\xbf\\xf8\\x0baB\\xc1\\xf7\\xf5\\x05 \\x93%fN\\xd5g+\\xd8\\xcb^$N\\x94\\xc4e~\\x8a\\x10<\\x9c\\xdeu`\\xf2\\x83\\xd9\\xd6\\x06\\xa1\\xec+^\\xf4s\\x0b\\xfdG\\xa1G\\x92\\xbeV_\\xd2g\\xfd\\x18q-\\xbe\\xf9\\x1b%TQ\\xa3"
              },
              {
                "name": "Length",
                "value": "9950"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-06-28 21:56:16,683",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1938
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "`\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00G\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00^\\xe3\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\x1d<\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "55586"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x13\\x15Microsoft Corporation1\\x160\\x14\\x06\\x03U\\x04\\x05\\x13\r230865+5045810\\x1f\\x06\\x03U\\x1d#\\x04\\x180\\x16\\x80\\x14\\x1e\\x82\\xdf\\x0e\\xd7\\x8c\\xb3\\xd7\\x024\\x83\\x0e\\xda\\xab\\xade\\xb9\\xaf\\xb8\\xec0j\\x06\\x03U\\x1d\\x1f\\x04c0a0_\\xa0]\\xa0[\\x86Yhttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crl0w\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x01\\x01\\x04k0i0g\\x06\\x08+\\x06\\x01\\x05\\x05\\x070\\x02\\x86[http://www.microsoft.com/pkiops/certs/"
              },
              {
                "name": "Length",
                "value": "7742"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000042c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x10w\\xc3\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-06-28 21:56:16,699",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000434"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1955
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00D\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xe2\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\x83\\xfc\\x00\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "57794"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "ond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1&0$\\x06\\x03U\\x04\\x03\\x13\\x1dMicrosoft Time-Stamp PCA 20100\\x1e\\x17\r250130194249Z\\x17\r260422194249Z0\\x81\\xcb1\\x0b0\t\\x06\\x03U\\x04\\x06\\x13\\x02US1\\x130\\x11\\x06\\x03U\\x04\\x08\\x13\nWashington1\\x100\\x0e\\x06\\x03U\\x04\\x07\\x13\\x07Redmond1\\x1e0\\x1c\\x06\\x03U\\x04\n\\x13\\x15Microsoft Corporation1%0#\\x06\\x03U\\x04\\x0b\\x13\\x1cMicrosoft America Operations1'0%\\x06\\x03U\\x04\\x0b\\x13\\x1enShield TSS "
              },
              {
                "name": "Length",
                "value": "5526"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00=\\xa8\\xc4\\x8f\\x10\\xdc\\x01\\x00=\\xa8\\xc4\\x8f\\x10\\xdc\\x01\\x00=\\xa8\\xc4\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-06-28 21:56:16,715",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1967
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000434"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "p\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1972
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "p\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "p\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00J\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00.\\xe2\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\xcb\\xde\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "60010"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "v\\xf5\\x86P\\xdc\\xc1D\\xc8q\\Q17\\xa0\n8n\\x8d\\xed\\xd7\\x0f\\xd8&S|9a\\x02z\\xc4\\xaa\\xfdri\\xaf\\x1d\\xab\\xac\\xf66\\xbe5&d\\xda\\x98;\\xba\\x1a{3\\xad\\x80[~\\x8c\\x10\\x1c\\x9dR\\xfe\\xb6\\xe8b%\\xdcj\\x0f\\xcf]\\xf4\\xfe\\x8eS\\xcf\\xd6\\xec\\x85VM\\xef\\xdd\\xbc\\x8d\\xa4\\xe3\\x91\\x8f\\xb29,Q\\x9c\\xe9pi\r\\xca6-p\\x8e1\\xc85(\\xbd\\xe3\\xb4\\x87$\\xc3\\xe0\\xc9\\x8f~\\xb5T\\x8f\\xdc\\xfa\\x05U\\x98mh;\\x9aF\\xbd\\xed\\xa4\\xaez)7\\xac\\xcb\\xeb\\x83E\\xe7Fn\\xca2\\xd5\\xc0\\x860\\O,\\xe2b\\xb2\\xcd\\xb9\\xe2\\x8d\\x88\\xe4\\x96\\xac\\x01J\\xbb\\xbeq\\xa9\\x17[g`\\xde\\xf8\\x92\\x91\\x1e\\x1d=\\xfd \\xcfs}A\\x9aFu\\xcd\\xc4_4\\xdd\\x12\\x89\\xd6\\xfd\\xa5 }~\\xfc\\xd9\\x9eE\\xdf\\xb6r/\\xdb}_\\x80\\xba\\xdb\\xaa~6\\xec6L\\xf6+n\\xa8\\x12Q\\xe8\\xbf\\x05\\x03\\xa3\\xd1s\\xa6M7t\\x94\\x1c4\\x82\\x0f\\xf0\\x10\\xf2\\xb7G\\x18\\xed\\xa7\\xe8\\x99|"
              },
              {
                "name": "Length",
                "value": "3334"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xff\\x93\\xd0\\x8f\\x10\\xdc\\x01\\x00\\xff\\x93\\xd0\\x8f\\x10\\xdc\\x01\\x00\\xff\\x93\\xd0\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-06-28 21:56:16,730",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xfd\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1989
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xfd\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xfd\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00E\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xca\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xbe\\xe8\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00?\\x98\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "62202"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x04\\x01\\x827\\x14\\x02\\x04\\x0c\\x1e\n\\x00S\\x00u\\x00b\\x00C\\x00A0\\x0b\\x06\\x03U\\x1d\\x0f\\x04\\x04\\x03\\x02\\x01\\x860\\x0f\\x06\\x03U\\x1d\\x13\\x01\\x01\\xff\\x04\\x050\\x03\\x01\\x01\\xff0\\x1f\\x06\\x03U\\x1d#\\x04\\x180\\x16\\x80\\x14\\xd5\\xf6V\\xcb\\x8f\\xe8\\xa2\\bh\\xd1=\\x94\\x90[\\xd7\\xce\\x9a\\x18\\xc40V\\x06\\x03U\\x1d\\x1f\\x04O0M0K\\xa0I\\xa0G\\x86Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x01\\x01\\x04N0L0J\\x06\\x08+\\x06\\x01\\x05\\x05\\x070\\x02\\x86>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-0"
              },
              {
                "name": "Length",
                "value": "2702"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xff\\x93\\xd0\\x8f\\x10\\xdc\\x01\\x00\\xff\\x93\\xd0\\x8f\\x10\\xdc\\x01\\x00\\xff\\x93\\xd0\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-06-28 21:56:16,746",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-06-28 21:56:16,761",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\xef\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2006
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\xef\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\xef\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00<\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xbe\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\xdc\\x00\\x00\\x00 \\x00\\x00\\x00\\xe0\\x00\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x01\\x00\\x00\\x02\\x00\\x00c\\x14\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "61312"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xc1\\x7f\\xdc\\x8f\\x10\\xdc\\x01\\x00\\xc1\\x7f\\xdc\\x8f\\x10\\xdc\\x01\\x00\\xc1\\x7f\\xdc\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2021
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00Q\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc2\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xe0\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00l\\x02\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "1522"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00e\\x00n\\x00t\\x00s\\x00\\xac\\x01\\x00\\x00@E\\x00r\\x00r\\x00o\\x00r\\x00_\\x00F\\x00a\\x00i\\x00l\\x00e\\x00d\\x00T\\x00o\\x00P\\x00a\\x00r\\x00s\\x00e\\x00N\\x00e\\x00x\\x00t\\x00P\\x00a\\x00r\\x00a\\x00m\\x00e\\x00t\\x00e\\x00r\\x00N\\x02\\x00\\x008E\\x00r\\x00r\\x00o\\x00r\\x00_\\x00F\\x00r\\x00a\\x00m\\x00e\\x00w\\x00o\\x00r\\x00k\\x00_\\x00N\\x00o\\x00t\\x00S\\x00u\\x00p\\x00p\\x00o\\x00r\\x00t\\x00e\\x00d\\x00\\x80\\x02\\x00\\x00&E\\x00r\\x00r\\x00o\\x00r\\x00_\\x00I\\x00n\\x00s\\x00t\\x00a\\x00l\\x00l\\x00F\\x00a\\x00i\\x00l\\x00e\\x00d\\x00q\\x03\\x00\\x00DE\\x00r\\x00r\\x00o\\x00r\\x00_\\x00I\\x00n\\x00s\\x00t\\x00a\\x00l\\x00l\\x00e\\x00r\\x00_\\x00P\\x00r\\x00e\\x00i\\x00n\\x00s\\x00t\\x00a\\x00l\\x00l\\x00_\\x00M\\x00e\\x00s\\x00s\\x00a\\x00g\\x00e\\x00\\xa1"
              },
              {
                "name": "Length",
                "value": "61318"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000444"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xc1\\x7f\\xdc\\x8f\\x10\\xdc\\x01\\x00\\xc1\\x7f\\xdc\\x8f\\x10\\xdc\\x01\\x00\\xc1\\x7f\\xdc\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-06-28 21:56:16,777",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000044c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2038
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xf5\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00A\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc2\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\xe1\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\xe4\\xbd\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4218"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00W\\x00a\\x00r\\x00n\\x00H\\x00e\\x00a\\x00d\\x00e\\x00r\\x00N\\x00a\\x00m\\x00e\\x00\\x16\\x12\\x00\\x00$U\\x00I\\x00_\\x00W\\x00a\\x00r\\x00n\\x00M\\x00e\\x00s\\x00s\\x00a\\x00g\\x00e\\x00T\\x00e\\x00x\\x00t\\x00P\\x12\\x00\\x00 U\\x00I\\x00_\\x00W\\x00a\\x00r\\x00n\\x00_\\x00T\\x00e\\x00x\\x00t\\x00N\\x00a\\x00m\\x00e\\x00\\x11\\x13\\x00\\x00*U\\x00I\\x00_\\x00W\\x00e\\x00l\\x00c\\x00o\\x00m\\x00e\\x00M\\x00e\\x00s\\x00s\\x00a\\x00g\\x00e\\x00T\\x00e\\x00x\\x00t\\x00]\\x13\\x00\\x00 U\\x00I\\x00_\\x00Y\\x00e\\x00s\\x00B\\x00u\\x00t\\x00t\\x00o\\x00n\\x00T\\x00e\\x00x\\x00t\\x00\\xc0\\x13\\x00\\x00\\x01\rVisual Studio\\x01\\x83\\x01No se pudo descargar el Instalador de Visua"
              },
              {
                "name": "Length",
                "value": "58638"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-06-28 21:56:16,793",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2055
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\xf7\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00N\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xc4\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00N\\xe2\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\xdd\\xbb\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "6898"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "skania dodatkowych informacji.\\x01aPonownie uruchom komputer, aby uko\\x144czy\\x107 oczekuj\\x105c\\x105 operacj\\x119, a nast\\x119pnie spr\\xf3buj ponownie.\\x01FWyst\\x105pienie instalatora programu Visual Studio jest ju\\x17c uruchomione.\\x01qNie mo\\x17cna zaktualizowa\\x107 klienta, poniewa\\x17c nie zost"
              },
              {
                "name": "Length",
                "value": "56454"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-06-28 21:56:16,808",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 2065
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8ede6",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\x01\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2072
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\x01\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "X\\x01\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00H\\xa9\\xa3h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\xce\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\xfe\\xec\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x01\\x00\\x00\\x02\\x00\\x00\\xd0\\xc7\\x01\\x00\\x03\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "9082"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "2108",
            "caller": "0x00c9c92d",
            "parentcaller": "0x00cb41b8",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xbe\\xd0\\xbb\\xd0\\xb6\\xd0\\xb8\\xd1\\x82\\xd1\\x8c\\x01<\\xd0\\x98\\xd0\\xbd\\xd0\\xb4\\xd0\\xb8\\xd0\\xba\\xd0\\xb0\\xd1\\x82\\xd0\\xbe\\xd1\\x80 \\xd0\\xb2\\xd1\\x8b\\xd0\\xbf\\xd0\\xbe\\xd0\\xbb\\xd0\\xbd\\xd0\\xb5\\xd0\\xbd\\xd0\\xb8\\xd1\\x8f \\xd1\\x81\\xd0\\xba\\xd0\\xb0\\xd1\\x87\\xd0\\xb8\\xd0\\xb2\\xd0\\xb0\\xd0\\xbd\\xd0\\xb8\\xd1\\x8f\\x01/\\xd0\\x9f\\xd0\\xbe\\xd1\\x87\\xd1\\x82\\xd0\\xb8 \\xd0\\xb3\\xd0\\xbe\\xd1\\x82\\xd0\\xbe\\xd0\\xb2\\xd0\\xbe... \\xd0\\x92\\xd1\\x81\\xd0\\xb5 \\xd0\\xb3\\xd0\\xbe\\xd1\\x82\\xd0\\xbe\\xd0\\xb2\\xd0\\xbe.\\x01:\\xd0\\x98\\xd0\\xbd\\xd0\\xb4\\xd0\\xb8\\xd0\\xba\\xd0\\xb0\\xd1\\x82\\xd0\\xbe\\xd1\\x80 \\xd0\\xb2\\xd1\\x8b\\xd0\\xbf\\xd0\\xbe\\xd0\\xbb\\xd0\\xbd\\xd0\\xb5\\xd0\\xbd\\xd0\\xb8\\xd1\\x8f \\xd1\\x83\\xd1\\x81\\xd1\\x82\\xd0\\xb0\\xd0\\xbd\\xd0\\xbe\\xd0\\xb2\\xd0\\xba\\xd0\\xb8\\x01Q\\xd0\\x9d\\xd0\\xb5 \\xd1\\x83\\xd0\\xb4\\xd0\\xb0\\xd0\\xb5\\xd1\\x82\\xd1\\x81\\xd1\\x8f \\xd1\\x81\\xd0\\xba\\xd0\\xb0\\xd1\\x87\\xd0\\xb0\\xd1\\x82\\xd1\\x8c \\xd0\\xbe\\xd0\\xb1\\xd0\\xbd\\xd0\\xbe\\xd0\\xb2\\xd0\\xbb\\xd0\\xb5\\xd0\\xbd\\xd0\\xbd\\xd1\\x8b\\xd0\\xb9 Visual Studio "
              },
              {
                "name": "Length",
                "value": "56798"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00V:\\xe7\\x8f\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-06-28 21:56:16,824",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000464"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "y\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2089
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "y\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "y\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "Buffer",
                "value": "DownloadUrl=https://aka.ms/vs/17/release/installer\r\nproductSemanticVersion=17.14.35+37411.7.(june.2026)\r\nautoSelfUpdateMinVersion=3.14.2086.286130193\r\nLicenseUrl=https://go.microsoft.com/fwlink/?LinkID=2179811\r\nPrivacyUrl=https://go.microsoft.com/fwlink/?L"
              },
              {
                "name": "Length",
                "value": "633"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00-g\\xac\\xd7\\xf9\\xdc\\x01\\x00-g\\xac\\xd7\\xf9\\xdc\\x01\\x00-g\\xac\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-06-28 21:56:16,840",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "+\\x0f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2103
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "+\\x0f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "+\\x0f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<configuration>\r\n  <startup>\r\n    <supportedRuntime version=\"v4.0\" sku=\".NETFramework,Version=v4.7.2\" />\r\n    <supportedRuntime version=\"v2.0.50727\" />\r\n  </startup>\r\n  <runtime>\r\n    <assemblyBinding xmlns=\"urn:sche"
              },
              {
                "name": "Length",
                "value": "3883"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\xfff\\x9f\\x8e\\x10\\xdc\\x01\\x00\\xfff\\x9f\\x8e\\x10\\xdc\\x01\\x00\\xfff\\x9f\\x8e\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x86\"\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2117
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x86\"\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x86\"\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "Buffer",
                "value": "{\r\n  \"StopIfFounds\": [\r\n    {\r\n      \"Entries\": [\r\n        {\r\n          \"Id\": \"Dev14.Enterprise.Version\",\r\n          \"Hive\": \"hklm\",\r\n          \"Key\": \"software\\\\Microsoft\\\\DevDiv\\\\vs\\\\Servicing\\\\14.0\\\\enterprise\",\r\n          \"Value\": \"Version\"\r\n        },"
              },
              {
                "name": "Length",
                "value": "4222"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c9d85e",
            "parentcaller": "0x00c943a9",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-06-28 21:56:16,855",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "Buffer",
                "value": ": \"software\\\\Microsoft\\\\NET Framework Setup\\\\NDP\\\\v4\\\\Full\",\r\n          \"Value\": \"Release\"\r\n        },\r\n        {\r\n          \"Id\": \"NetFX.NetFX4Above.Version\",\r\n          \"Hive\": \"hklm\",\r\n          \"Key\": \"software\\\\Microsoft\\\\NET Framework Setup\\\\NDP\\\\v4\\"
              },
              {
                "name": "Length",
                "value": "4616"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x90,f\\x8a\\x10\\xdc\\x01\\x00\\x90,f\\x8a\\x10\\xdc\\x01\\x00\\x90,f\\x8a\\x10\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 2126
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8edd0",
            "parentcaller": "0x00c8d4ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d4f2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8f459",
            "parentcaller": "0x00c8d53e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d570",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa2\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 2133
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa2\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d57f",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa2\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d589",
            "parentcaller": "0x00c8fc45",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d731",
            "parentcaller": "0x00c8f761",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "Buffer",
                "value": "{\r\n  \"productId\": \"Microsoft.VisualStudio.Product.Community\",\n  \"channelId\": \"VisualStudio.17.Release\",\n  \"channelUri\": \"https://aka.ms/vs/17/release/channel\"\n}\r\n"
              },
              {
                "name": "Length",
                "value": "162"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d3c1",
            "parentcaller": "0x00c8fd99",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00-g\\xac\\xd7\\xf9\\xdc\\x01\\x00-g\\xac\\xd7\\xf9\\xdc\\x01\\x00-g\\xac\\xd7\\xf9\\xdc\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8d3ca",
            "parentcaller": "0x00c8fd99",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100100",
                "pretty_value": "FILE_WRITE_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000468"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c8a324",
            "parentcaller": "0x00c8d40f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c9d325",
            "parentcaller": "0x00c9bb95",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c9d325",
            "parentcaller": "0x00c9bb95",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c9d325",
            "parentcaller": "0x00c9bb95",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "3636",
            "caller": "0x00c9ca1e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-06-28 21:56:16,871",
            "thread_id": "4660",
            "caller": "0x00cb4262",
            "parentcaller": "0x00cb434c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4660"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "4660",
            "caller": "0x00cb4262",
            "parentcaller": "0x00cb434c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035c"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0af90000"
              },
              {
                "name": "RegionSize",
                "value": "0x01002000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00110000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca1e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "4948",
            "caller": "0x00cb4262",
            "parentcaller": "0x00cb434c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4948"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "4948",
            "caller": "0x00cb4262",
            "parentcaller": "0x00cb434c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0bfa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100d000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0cfb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010b000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca1e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "2108",
            "caller": "0x00cb4262",
            "parentcaller": "0x00cb434c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2108"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "2108",
            "caller": "0x00cb4262",
            "parentcaller": "0x00cb434c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9c0d1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0d0c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100f000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e0d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00102000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00068000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ecc000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e6b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010f000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ecc000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ebc000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0e5a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0010d000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00068000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ebc000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d5d5",
            "parentcaller": "0x00c904fc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00098000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000334"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c9ca6e",
            "parentcaller": "0x00c9bdf1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000348"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8d83b",
            "parentcaller": "0x00c902f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8c5ea",
            "parentcaller": "0x00c894b4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c89251",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:16] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "Extraction took 2.234 seconds"
              },
              {
                "name": "Length",
                "value": "29"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8f215",
            "parentcaller": "0x00c8985a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000274"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100020",
                "pretty_value": "FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8f215",
            "parentcaller": "0x00c8985a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000084"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c89b4b",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/28/2026, 14:56:16] "
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "Executing extracted package: 'vs_bootstrapper_d15\\vs_setup_bootstrapper.exe ' with commandline '  --env \"_SFX_CAB_EXE_PACKAGE:C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\\Users\\Rajesh\\AppData\\Local\\Temp\"'"
              },
              {
                "name": "Length",
                "value": "249"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-06-28 21:56:16,886",
            "thread_id": "3636",
            "caller": "0x00c89b58",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x746b0000"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3636",
            "caller": "0x00c89b58",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x746e0000"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3636",
            "caller": "0x00c89b58",
            "parentcaller": "0x00c894ed",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x756192a0"
              },
              {
                "name": "Parameter",
                "value": "0x04def070"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x75519844",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x75519865",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x75519888",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x7514b9a2",
            "parentcaller": "0x7514b783",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetInterface"
              },
              {
                "name": "Atom",
                "value": "0x0000c020"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x7514b9a2",
            "parentcaller": "0x7514b783",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetMarshalHwnd"
              },
              {
                "name": "Atom",
                "value": "0x0000c021"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "PROPSYS.dll"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000340"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000344"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73720000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000c2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d1000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d1000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d1000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d1000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x73720000"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\propsys"
              },
              {
                "name": "BaseAddress",
                "value": "0x73720000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73780da0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2250
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2254
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2258
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2262
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2268
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2272
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8334",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2276
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2280
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8334",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2284
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2288
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2292
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2294
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2298
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2304
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2308
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-06-28 21:56:16,902",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2317
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x75811ba0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x75820411",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x758924db",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "26"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75baa88d",
            "parentcaller": "0x75811c7c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xee\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x80\\xee\\x08\\x0b\\xdb$\\x89u0\\x03\\x00\\x00\\x1a\\x00\\x00\\x00x\\xee\\x08\\x0b\\x04\\x00\\x00\\x00|\\xee\\x08\\x0b\\xcc\\xee\\x08\\x0b0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xa8\\xee\\x08\\x0b\\x8d\\x04\\x82uX\\xf1\\x08\\x0b\\x00\\x00\\x00\\x00\\xf8\\xee\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75baa968",
            "parentcaller": "0x75811c7c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000334"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x75811c23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000100",
                "pretty_value": "KEY_WOW64_64KEY|0x02000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000100",
                "pretty_value": "KEY_WOW64_64KEY|0x02000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "12"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "17"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "18"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "23"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86683",
            "parentcaller": "0x75b83600",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000330"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b6127",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2366
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2369
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86683",
            "parentcaller": "0x75b83600",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b6127",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2375
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2377
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000344"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000368"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000368"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b8fb0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2383
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000368"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegateSuppressionPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2387
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000368"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75ba9b48",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb4\\xf1\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x12\\x00\\x88!\\xe4\\x04\\xa0\"\\xe4\\x04\\x00b\\xe2\\x04\\x00\\x00\\xdf\\x04|\\xf2\\x08\\x0b\\x08\\xf2\\x08\\x0b\\x16<\\xf4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75ba9bca",
            "parentcaller": "0x75ba9ac1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85a2e",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1581568"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2424
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2426
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2428
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2430
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2434
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "513"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2460
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2462
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2464
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2466
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{208D2C60-3AEA-1069-A2D7-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2470
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "36"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "131602"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2496
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1048576"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2500
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2502
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{871C5380-42A0-1069-A2EA-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2506
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "@\\x01\\x00 "
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "512"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2532
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2534
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2536
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2538
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{645FF040-5081-101B-9F08-00AA002F954E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E}"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2542
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744072098938884"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4609"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2568
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2570
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2572
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2574
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{26EE0668-A00A-44D7-9371-BEB064C98683}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{26EE0668-A00A-44D7-9371-BEB064C98683}"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2578
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744073449767213"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "5243433"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2604
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2606
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2608
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2610
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{59031A47-3F72-44A7-89C5-5595FE6B30EE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2614
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744072375763213"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "270880"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2640
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2642
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2644
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2646
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{031E4825-7B94-4DC3-B131-E946B44C8DD5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2650
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538443776"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2676
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2678
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2680
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2682
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{04731B67-D933-450A-90E6-4ACD2E9408FE}"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2686
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538443776"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2712
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2714
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2716
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2718
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{11016101-E366-4D22-BC06-4ADA335C892B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{11016101-E366-4D22-BC06-4ADA335C892B}"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2722
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744073450815757"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2748
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-06-28 21:56:16,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2750
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2752
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2754
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{4336A54D-038B-4685-AB02-99BB52D3FB8B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2758
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744073450553661"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "131136"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "524840"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2784
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2786
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2788
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2790
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{450D8FBA-AD25-11D0-98A8-0800361B1103}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103}"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2794
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "512"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2820
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2822
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2824
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2826
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2830
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744073450553605"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "5242912"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2856
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2858
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2860
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2862
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2866
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "537919488"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2892
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2894
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2896
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2898
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{64693913-1C21-4F30-A98F-4E52906D3B56}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{64693913-1C21-4F30-A98F-4E52906D3B56}"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2902
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538181632"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2928
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2930
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2932
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2934
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{89D83576-6BD1-4C86-9454-BEB04E94C819}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{89D83576-6BD1-4C86-9454-BEB04E94C819}"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2938
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538181632"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2964
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2966
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2968
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2970
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{9343812E-1C37-4A49-A12E-4B2D810D956B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{9343812E-1C37-4A49-A12E-4B2D810D956B}"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2974
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538443776"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3000
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3002
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3004
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3006
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{98F275B4-4FFF-11E0-89E2-7B86DFD72085}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3010
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538443776"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3036
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3038
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3040
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3042
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{A00EE528-EBD9-48B8-944A-8942113D46AC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{A00EE528-EBD9-48B8-944A-8942113D46AC}"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3046
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744072376025356"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1048576"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "270880"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3072
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3074
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3076
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3078
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3082
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538181632"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3108
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3110
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3112
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3114
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3118
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-06-28 21:56:16,933",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538443776"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3144
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3146
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3148
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3150
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3154
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "538443776"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3180
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3182
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3184
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3186
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{E345F35F-9397-435C-8F95-4E922C26259E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E345F35F-9397-435C-8F95-4E922C26259E}"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3190
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "537919488"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3216
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3218
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3220
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3222
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{EDC978D6-4D53-4B2F-A265-5805674BE568}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{EDC978D6-4D53-4B2F-A265-5805674BE568}"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3226
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744072367636580"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1057344"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3252
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3254
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3256
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3258
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3262
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x00\\x00\\x10\\xb8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "WantsFORDISPLAY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORDISPLAY"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "HideFolderVerbs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideFolderVerbs"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "UseDropHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\UseDropHandler"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "WantsFORPARSING"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORPARSING"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "WantsParseDisplayName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsParseDisplayName"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "QueryForOverlay"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForOverlay"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "MapNetDriveVerbs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\MapNetDriveVerbs"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "QueryForInfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForInfoTip"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "HideOnDesktopPerUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideOnDesktopPerUser"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "WantsAliasedNotifications"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsAliasedNotifications"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "WantsUniversalDelegate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsUniversalDelegate"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "NoFileFolderJunction"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoFileFolderJunction"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "PinToNameSpaceTree"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\PinToNameSpaceTree"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "HasNavigationEnum"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HasNavigationEnum"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "EnableThumbnails"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\EnableThumbnails"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "NoDefaultToFS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoDefaultToFS"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "ParseDisplayNameNeedsURL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\ParseDisplayNameNeedsURL"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "BlockNewFile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\BlockNewFile"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "NoInitRequired"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoInitRequired"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "SafeRootForMTA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\SafeRootForMTA"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "WantsSendToTarget"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsSendToTarget"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "NoLocalizedNameInTarget"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoLocalizedNameInTarget"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3398
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3400
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3402
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3404
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{F1893CCF-FB34-4AED-B144-34E940E2FA6D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3408
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744073450553605"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xf0\\xdc\\xef\\xd0\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xf2\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "5242912"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3434
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3436
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3438
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3440
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{F8278C54-A712-415B-B593-B77A2BE0DDA9}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3444
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xefD\\xef8\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xf1\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "18446744072367374336"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xefD\\xef8\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xf1\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xefD\\xef8\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xf1\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xefD\\xef8\\xefn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xf1\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1040"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3470
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3472
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3474
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3476
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3480
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xe7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00D\\xe8\\xf4\\xe7\\xe8\\xe7n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x90\\xea\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x7486977e",
            "parentcaller": "0x747e779e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x748697c8",
            "parentcaller": "0x747e779e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x7486980e",
            "parentcaller": "0x747e779e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3493
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000356"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000356"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xdd\\xfc\\xdc\\xf0\\xdcV\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xdf\\x08\\x0b\\xbc^\\xb8uV\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000356"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000356"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000356"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xdd\\xfc\\xdc\\xf0\\xdcV\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xdf\\x08\\x0b\\xbc^\\xb8uV\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000356"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-06-28 21:56:16,949",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x74869a4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000356"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 3509
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x747e780c",
            "parentcaller": "0x74839a38",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x76a30000"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x746e0000"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x747e780c",
            "parentcaller": "0x74839a38",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "5E5F29CE-E0A8-49D3-AF32-7A7BDC173478"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xe8\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xe8l\\xe8`\\xe8n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x08\\xeb\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "HideNonRemovableDrives"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonRemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "HideNonRemovableDrives"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonRemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x7546d4bd",
            "parentcaller": "0x7546d41b",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3531
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "UseRemovableStorageRegPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableStorageRegPath"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "UseRemovableDrivesRegPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableDrivesRegPath"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "UseRemovableDrivesRegPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableDrivesRegPath"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x7546d4bd",
            "parentcaller": "0x7546d41b",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3552
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3554
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "NoDelegateSearchRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\NoDelegateSearchRoot"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "HideNonStorageServiceMountedDrives"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonStorageServiceMountedDrives"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "ForceAllDrivesRemovable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ForceAllDrivesRemovable"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xe6\\x84\\xe6x\\xe6\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xe9\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "ValueName",
                "value": "ShowAllOpticalDevices"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ShowAllOpticalDevices"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7621302b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004be"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3578
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3580
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3582
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3584
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "MyComputer\\RemovableDrives"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\MyComputer\\RemovableDrives"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "MyComputer\\RemovableDrives\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\MyComputer\\RemovableDrives\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b8fb0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3590
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3592
          },
          {
            "timestamp": "2026-06-28 21:56:16,965",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b92ee6",
            "parentcaller": "0x76212299",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe .*"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x76212413",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x76212420",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x7621243a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3602
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3606
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x7486ea9e",
            "parentcaller": "0x74823020",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3613
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3620
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7486b902",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7486b9ca",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xb0\\xed\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7486b91b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3631
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3637
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008",
                "pretty_value": "KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\FolderExtensions"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008",
                "pretty_value": "KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b81962",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xdb\\xcc\\xda\\xc0\\xda\\xbe\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xdd\\x08\\x0b\\xbc^\\xb8u\\xbe\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\FolderExtensions"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b823a7",
            "parentcaller": "0x75b82302",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3648
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75720000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0003b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xdb4\\xdb(\\xdbn\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xdd\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75757000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75755000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75755000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "DriveMask"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b823a7",
            "parentcaller": "0x75b82302",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004be"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748212a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004be"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75755000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f4f089",
            "parentcaller": "0x76f52308",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75755000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CFGMGR32"
              },
              {
                "name": "DllBase",
                "value": "0x75720000"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3671
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "UseFindFirstFileEnumeration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3675
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "UseFindFirstFileEnumeration"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8334",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x017\\xa7\\xfd\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\x01\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75c63000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75c63000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x7572d193",
            "parentcaller": "0x75731bb5",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\DeviceApi\\CMApi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f3002d",
            "parentcaller": "0x75728278",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f3002d",
            "parentcaller": "0x75728278",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\cfgmgr32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75720000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7572d450"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x7572d6f5",
            "parentcaller": "0x7572d654",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004c0"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "$\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00#\\x00\\x00\\xc0\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x7572c2c6",
            "parentcaller": "0x7572c173",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004c0"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "$\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b9fd84",
            "parentcaller": "0x74824380",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004c4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2736",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2736",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2736",
            "caller": "0x748807cb",
            "parentcaller": "0x76f694b0",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b9106a",
            "parentcaller": "0x748243cc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3700
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2736",
            "caller": "0x75b9106a",
            "parentcaller": "0x7486fd9d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xc4\\xd8c\\xf2\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\
x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3708
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73720000"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b9106a",
            "parentcaller": "0x748243cc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3712
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0
0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3719
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b9fd84",
            "parentcaller": "0x74824380",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004c8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x747e8363",
            "parentcaller": "0x747e6b20",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2736",
            "caller": "0x75b9106a",
            "parentcaller": "0x7486fd9d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e548",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 1,
            "id": 3728
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.1"
              }
            ],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2736",
            "caller": "0x748807cb",
            "parentcaller": "0x76f694b0",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#00000008E0100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b9106a",
            "parentcaller": "0x748243cc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3732
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e548",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x73760337",
            "parentcaller": "0x7375e3dc",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8f2b0",
            "parentcaller": "0x75b97cd6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\MountPointManager"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InputBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7375feba",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7375fed8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7375ff1a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x1c\\xe4\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375ff3f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b8f2b0",
            "parentcaller": "0x75b97cd6",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\MountPointManager"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InputBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b9106a",
            "parentcaller": "0x75b97d3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "2856",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75baacf0",
            "parentcaller": "0x73760249",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75baad3d",
            "parentcaller": "0x73760249",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75baacf0",
            "parentcaller": "0x7376027e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75baad3d",
            "parentcaller": "0x7376027e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-06-28 21:56:16,980",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7376029c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f01ff"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7375feba",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7375fed8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7375ff1a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x1c\\xe4\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375ff3f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              },
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e046",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x7375e063",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08c7cc"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9f14d",
            "parentcaller": "0x7375fc7d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x00\\x10p\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7375feba",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7375fed8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7375ff1a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x1e\\xe4\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375ff3f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375fca1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x73752e49",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08d674"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x748104e7",
            "parentcaller": "0x747e84a6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x755f8c69",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x755f8b17",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08d694"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x748104e7",
            "parentcaller": "0x747e84a6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 3773
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73760107",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e548",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x737601d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x737601e1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x003\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "174"
              }
            ],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "-j\\xb5\\xc9\\xde\\xac\\xd5\\x01\\xc6\\xb43\\xf0|\\x07\\xdd\\x01\\xb8\\x818{\\xde\\xac\\xd5\\x01G%\\xa9s}\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x747e8126",
            "parentcaller": "0x74838450",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3792
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3796
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x74834986",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3804
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3808
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3812
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3816
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3820
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3824
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3828
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3832
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Advanced"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Hidden"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShowCompColor"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "HideFileExt"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "DontPrettyPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath"
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShowInfoTip"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "HideIcons"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "MapNetDrvBtn"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "WebView"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "Filter"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShowSuperHidden"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8f11f",
            "parentcaller": "0x7484fed3",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x7484fea4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x7484fd8e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x7484fd0d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x748286ba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x7484fe4d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x748269de",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8fb07",
            "parentcaller": "0x7484ffd7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x748501d2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480d42e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b94290",
            "parentcaller": "0x748501b1",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 1,
            "id": 3860
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "AutoCheckSelect"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "IconsOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShowTypeOverlay"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ValueName",
                "value": "ShowStatusBar"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x74834eae",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7481708d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x7481715c",
            "parentcaller": "0x748170b0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x748170ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3870
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x004\\xd6\\xe4\\xd5\\xd8\\xd5n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x80\\xd8\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory\\ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3880
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Folder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Folder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x004\\xd6\\xe4\\xd5\\xd8\\xd5\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x80\\xd8\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder\\ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3890
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x004\\xd6\\xe4\\xd5\\xd8\\xd5\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x80\\xd8\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd7\\x1c\\xd7\\x10\\xd7n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory\\DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd7\\x1c\\xd7\\x10\\xd7\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd9\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder\\DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd7\\x1c\\xd7\\x10\\xd7\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd9\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects\\DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd7\\x1c\\xd7\\x10\\xd7n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory\\BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd7\\x1c\\xd7\\x10\\xd7\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd9\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder\\BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xd7\\x1c\\xd7\\x10\\xd7\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xd9\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects\\BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xca\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xcat\\xcah\\xcan\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\xcd\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory\\Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xca\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xcb\\xd4\\xca\\xc8\\xca\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xcd\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder\\Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xca\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xcb\\xd4\\xca\\xc8\\xca\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00p\\xcd\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects\\Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6n\\x03\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8un\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Directory"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036e"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Folder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xce\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xce\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\Folder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Folder"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ce"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xd6\\xa4\\xd6\\x98\\xd6\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd9\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\AllFilesystemObjects"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036e"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ce"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-06-28 21:56:16,996",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8.\\xdf\\xeev\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfbd\\x01\\x00\\x00\\x00\\x02\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747e8126",
            "parentcaller": "0x74838450",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8c\\xf5\\xe3\\xeev\\x07\\xdd\\x01\\xd4\\xf0!\\xefv\\x07\\xdd\\x01\\xd4\\xf0!\\xefv\\x07\\xdd\\x01\\xd4\\xf0!\\xefv\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06e\\x01\\x00\\x00\\x00\\x01\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe5U\\xe6\\xeev\\x07\\xdd\\x01l\\x90\\xc1\\xb2H\\x07\\xdd\\x01l\\x90\\xc1\\xb2H\\x07\\xdd\\x01l\\x90\\xc1\\xb2H\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19e\\x01\\x00\\x00\\x00\\x01\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe5U\\xe6\\xeev\\x07\\xdd\\x01p\\xc6\\x93\\xf0H\\x07\\xdd\\x01p\\xc6\\x93\\xf0H\\x07\\xdd\\x01p\\xc6\\x93\\xf0H\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ae\\x01\\x00\\x00\\x00\\x01\\x00T\\x00e\\x00m\\x00p\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xc6\\x93\\xf0H\\x07\\xdd\\x01\\xd7\\xe6\\xf1\\xf0H\\x07\\xdd\\x01\\xd7\\xe6\\xf1\\xf0H\\x07\\xdd\\x01\\xd7\\xe6\\xf1\\xf0H\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xac\\x01\\x00\\x00\\x00\\x01\\x000\\x005\\x001\\x007\\x007\\x005\\x00d\\x001\\x009\\x00d\\x00e\\x00f\\x00b\\x00d\\x002\\x004\\x00b\\x008\\x00d\\x00c\\x008\\x002\\x00a\\x00d\\x002\\x008\\x002\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd7\\xe6\\xf1\\xf0H\\x07\\xdd\\x01\\x818\\xfb\\xf1H\\x07\\xdd\\x01\\x85\\x87\\xea\\xf1H\\x07\\xdd\\x01\\x85\\x87\\xea\\xf1H\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\xac\\x01\\x00\\x00\\x00\\x01\\x00v\\x00s\\x00_\\x00b\\x00o\\x00o\\x00t\\x00s\\x00t\\x00r\\x00a\\x00p\\x00p\\x00e\\x00r\\x00_\\x00d\\x001\\x005\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4042
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd2b\\xcf\\x8f\\x10\\xdc\\x01\\x00\\xd2b\\xcf\\x8f\\x10\\xdc\\x01\\x00\\xd2b\\xcf\\x8f\\x10\\xdc\\x017\\x06;\\xf1H\\x07\\xdd\\x01xU\\x06\\x00\\x00\\x00\\x00\\x00\\x00`\\x06\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00u\\xac\\x01\\x00\\x00\\x00\\x01\\x00v\\x00s\\x00_\\x00s\\x00e\\x00t\\x00u\\x00p\\x00_\\x00b\\x00o\\x00o\\x00t\\x00s\\x00t\\x00r\\x00a\\x00p\\x00p\\x00e\\x00r\\x00.\\x00e\\x00x\\x00e\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4048
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4052
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4056
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": ".exe"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "program"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7374820f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4060
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xcb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xcc,\\xcc \\xcc\\xc6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc8\\xce\\x08\\x0b\\xbc^\\xb8u\\xc6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c6"
              },
              {
                "name": "ValueName",
                "value": "Content Type"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "application/x-msdownload"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73748252",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c6"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x7376a16b",
            "parentcaller": "0x7376df08",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73762259",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x7376226a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e2ff",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e2ff",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x7375de75",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08c74c"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e2ff",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x73752e49",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b290000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08d5f4"
              },
              {
                "name": "ViewSize",
                "value": "0x00049000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x75b93f35",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x75b93f3f",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x75b93f4b",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x737627d9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x737627d9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e2ff",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2"
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e2ff",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x7375de75",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000036c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b2e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08c6a4"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e2ff",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x73752e49",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b2f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08d54c"
              },
              {
                "name": "ViewSize",
                "value": "0x0009c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x75b93f35",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x75b93f3f",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x75b93f4b",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x737627d9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x737627d9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\propsys.dll"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f51f50",
            "parentcaller": "0x76f38d78",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f392db",
            "parentcaller": "0x76f39742",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\PROPSYS.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f392db",
            "parentcaller": "0x76f39742",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\PROPSYS.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f3978c",
            "parentcaller": "0x76f3926e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\propsys.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f397b4",
            "parentcaller": "0x76f3926e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b390000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08c438"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f397c4",
            "parentcaller": "0x76f3926e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7481708d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x7481715c",
            "parentcaller": "0x748170b0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x748170ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4120
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd2\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xd3\\xc4\\xd2\\xb8\\xd2\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02`\\xd5\\x08\\x0b\\xbc^\\xb8u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "exefile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4130
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xd3\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xd3D\\xd38\\xd3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xd5\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xd3\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xd4\\xd4\\xd3\\xc8\\xd3\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00p\\xd6\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748175e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xd4T\\xd4H\\xd4\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf0\\xd6\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4151
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xd4T\\xd4H\\xd4\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf0\\xd6\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd5\\x84\\xd5x\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\xd8\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd5\\x84\\xd5x\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\xd8\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe\\DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DocObject"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd5\\x84\\xd5x\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\xd8\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd5\\x84\\xd5x\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00 \\xd8\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "BrowseInPlace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc9\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xc9\\x84\\xc9x\\xc9\\xde\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xcc\\x08\\x0b\\xbc^\\xb8u\\xde\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004de"
              },
              {
                "name": "ValueName",
                "value": "Content Type"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "application/x-msdownload"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc8\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xc9\\xdc\\xc8\\xd0\\xc8\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00x\\xcb\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc9\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xc9<\\xc90\\xc9\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd8\\xcb\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe\\Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Clsid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-06-28 21:56:17,011",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xd5\\x0c\\xd5\\x00\\xd5\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xd7\\x08\\x0b\\xbc^\\xb8u\\xe2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\SystemFileAssociations\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e2"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004de"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e2"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4249
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21769"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-183"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Desktop"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4287
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x006\\x009\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "E\\x90\\xf7\\xf7v\\x07\\xdd\\x01\\x1c\\xc3I\\xf2|\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4302
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4304
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4307
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4345
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AppData\\Roaming"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "AppData"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Roaming"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4379
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Local Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{d3162b92-9365-467a-956b-92703aca08af}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21770"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4418
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Profile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xcd\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73700000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73715000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73713000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73713000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73713000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73713000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-06-28 21:56:17,027",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x73700000"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f4dd42",
            "parentcaller": "0x76f51843",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\profapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x73700000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7370a250"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4467
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x92\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x007\\x000\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "402"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\xd1\\xfe\\xf7v\\x07\\xdd\\x01\\xf2\\xf3\\xcf\\xf8|\\x07\\xdd\\x016\\x8f\\x16\\xf8v\\x07\\xdd\\x016\\x8f\\x16\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4489
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Local Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21790"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-108"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              }
            ],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xcb\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4530
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x000\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf2T\\xfc\\xf7v\\x07\\xdd\\x01A\\xdf\\xa2\\xf1|\\x07\\xdd\\x01.\\xa3\n\\xf8v\\x07\\xdd\\x01.\\xa3\n\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4552
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Local Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21779"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-113"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xcf\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4593
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x007\\x009\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "E\\x90\\xf7\\xf7v\\x07\\xdd\\x01\\xf2\\xf3\\xcf\\xf8|\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4615
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Local Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21791"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-189"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc8\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4656
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x001\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004f8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "~B\\xe9\\xf7v\\x07\\xdd\\x01A\\xdf\\xa2\\xf1|\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4679
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Local Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4686
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{088e3905-0323-4b02-9826-5d99428e115f}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21798"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-06-28 21:56:17,043",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4\\xdc\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffd\\xdd\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x88\\xdd\\x08\\x0b\\x84\\xdd\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              }
            ],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xc9\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4720
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000500"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x008\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": ".\\xa3\n\\xf8v\\x07\\xdd\\x01A\\xdf\\xa2\\xf1|\\x07\\xdd\\x01\\xc3\\x05\r\\xf8v\\x07\\xdd\\x01\\xc3\\x05\r\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4743
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xde\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xc9\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4752
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4756
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4760
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "UsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4787
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4791
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4795
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegateSuppressionPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{92803FB4-7706-4035-ACD7-F63E069D3697}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4799
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreventItemCreationInUsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4803
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreventItemCreationInUsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder"
              }
            ],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8334",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4807
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegate"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4811
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xc6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xc6<\\xc60\\xc6\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd8\\xc8\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x7486977e",
            "parentcaller": "0x747e779e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x748697c8",
            "parentcaller": "0x747e779e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x7486980e",
            "parentcaller": "0x747e779e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4824
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xbb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xbbD\\xbb8\\xbb\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xbd\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\Windows.Storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xbb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xbbD\\xbb8\\xbb\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe0\\xbd\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x74869a4e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f2"
              }
            ],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x746e0000"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x747e780c",
            "parentcaller": "0x74839a38",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xc6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xc7\\xb4\\xc6\\xa8\\xc6\\xe6\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00P\\xc9\\x08\\x0b\\xbc^\\xb8u\\xe6\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e6"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc5\\x1c\\xc5\\x10\\xc5\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc5\\x1c\\xc5\\x10\\xc5\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "17"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc5\\x1c\\xc5\\x10\\xc5\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "DescriptionID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID"
              }
            ],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc5\\x04\\xc5\\xf8\\xc4\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc5\\x04\\xc5\\xf8\\xc4\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc5\\x1c\\xc5\\x10\\xc5\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "RecursiveSearch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xc5\\xfc\\xc4\\xf0\\xc4\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xc4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xc5\\xfc\\xc4\\xf0\\xc4\\xf2\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xc7\\x08\\x0b\\xbc^\\xb8u\\xf2\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f2"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4889
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4891
          },
          {
            "timestamp": "2026-06-28 21:56:17,058",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000500"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-06-28 21:56:17,105",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 3,
            "id": 4893
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000500"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000500"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000010",
                "pretty_value": "KEY_NOTIFY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7621302b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f2"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e6"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x748202ab",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-06-28 21:56:17,168",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e51000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4903
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "12"
              }
            ],
            "repeated": 0,
            "id": 4917
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "17"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "18"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "23"
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "25"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "26"
              }
            ],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "27"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "28"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "29"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "30"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "32"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "33"
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "34"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "35"
              }
            ],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "36"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "37"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "38"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "39"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "40"
              }
            ],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "41"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "42"
              }
            ],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "43"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "45"
              }
            ],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "46"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "48"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "49"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "51"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "52"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "53"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "54"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "55"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "56"
              }
            ],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "57"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "58"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "59"
              }
            ],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "60"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "61"
              }
            ],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "62"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "63"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "65"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "66"
              }
            ],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "67"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "68"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "69"
              }
            ],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "70"
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "71"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "72"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "73"
              }
            ],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "74"
              }
            ],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "75"
              }
            ],
            "repeated": 0,
            "id": 4980
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "76"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "77"
              }
            ],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "78"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "79"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "80"
              }
            ],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "81"
              }
            ],
            "repeated": 0,
            "id": 4986
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "82"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "83"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "84"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "85"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "86"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "87"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "88"
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "89"
              }
            ],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "90"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "91"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "92"
              }
            ],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "93"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "94"
              }
            ],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "95"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "96"
              }
            ],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "97"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "98"
              }
            ],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "99"
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "101"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "102"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "103"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "104"
              }
            ],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "105"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "106"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "107"
              }
            ],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "108"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "109"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "110"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "111"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "112"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "113"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "114"
              }
            ],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "115"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "116"
              }
            ],
            "repeated": 0,
            "id": 5022
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "117"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "118"
              }
            ],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "119"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "120"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "121"
              }
            ],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "122"
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "123"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "124"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "125"
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "126"
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "127"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "Index",
                "value": "128"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487cf11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e53000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5038
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Searches"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5043
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Searches"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-9031"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-18"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0b0ba2e3-405f-415e-a6ee-cad625207853}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x747bfb9b",
            "parentcaller": "0x747c23f7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8fb07",
            "parentcaller": "0x7484ef21",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:64:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x748501d2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480d42e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b94290",
            "parentcaller": "0x748501b1",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 1,
            "id": 5072
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5073
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5075
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5077
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xc9\\xe0\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5092
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5100
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Windows"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5127
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 5129
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ProgramFilesCommon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5134
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5154
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2112AB0A-C86A-4FFE-A368-0DE96E47012E}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "MusicLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Music.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34584"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1004"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\shell32.dll,-2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5182
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PublicLibraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5209
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5212
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Common Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21799"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "D:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5236
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AppDataDocuments"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5263
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CD Burning"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Burn\\Burn"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21815"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5290
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000504"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{E25B5812-BE88-4BD9-94B0-29233477B6C3}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4BD9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SavedPicturesLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SavedPictures.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\shell32.dll,-6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000504"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e55000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5319
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "MAPIFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5324
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}\\*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5345
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5346
          },
          {
            "timestamp": "2026-06-28 21:56:17,183",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Common Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5369
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5373
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000508"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "My Video"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A0953C92-50DC-43BF-BE83-3742FED03C9C}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21791"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-189"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5413
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5415
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x008*\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5418
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5426
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Quick Launch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Internet Explorer\\Quick Launch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5436
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5453
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ProgramFilesCommonX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5480
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "3D Objects"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "3D Objects"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21825"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-198"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{b3690e58-e961-423b-b687-386ebfd83239}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5507
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5509
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5511
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18+\\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5526
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5534
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000514"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ConnectionsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5541
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5559
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5562
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PrintersFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{2227A280-3AEA-1069-A2DE-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5583
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000514"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5590
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000514"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{491E922F-5643-4AF4-A7EB-4E7A138D8174}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4AF4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "VideosLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Videos.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1005"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\shell32.dll,-4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000514"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5619
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000510"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "My Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5625
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21779"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-113"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5659
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5661
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xb8%\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5664
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5670
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ResourceDir"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-06-28 21:56:17,199",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5697
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Common Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5724
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DEBF2536-E1A8-4C59-B6A2-414586476AEA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4C59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "PublicGameTasks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\GameExplorer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5751
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SyncSetupFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5779
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CommonVideo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21804"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5799
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5807
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5809
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5811
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5813
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5835
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5840
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5844
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SyncResultsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5872
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "ConflictFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{E413D040-6788-4C22-957E-175D1C513A34},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5890
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5891
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5900
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "RecycleBinFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "::{645FF040-5081-101B-9F08-00AA002F954E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5927
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "CSCFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5954
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 5981
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Common Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21782"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6008
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "NetHood"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\Network Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-06-28 21:56:17,215",
            "thread_id": "3348",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6033
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000518"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6039
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6041
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6043
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p'\\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6057
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6063
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000524"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}"
              }
            ],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6069
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"
              }
            ],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000524"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000524"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6084
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6086
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x000#\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6089
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000524"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6095
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6097
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6099
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6101
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000524"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A302545D-DEFF-464B-ABE8-61C8648D939B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464B-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6107
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6108
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6113
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6119
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6125
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6129
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6131
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6137
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6139
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6141
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000528"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6164
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6166
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x80!\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6169
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000528"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6175
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6177
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6178
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6179
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6181
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000528"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6185
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000528"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6191
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6197
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6203
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{BCB5256F-79F6-4CEE-B725-DC34E402FD46}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCB5256F-79F6-4CEE-B725-DC34E402FD46}"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6209
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6215
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000520"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6230
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6232
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00&\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6234
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6235
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6241
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}"
              }
            ],
            "repeated": 0,
            "id": 6243
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6247
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6248
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6253
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0762D272-C50A-4BB0-A382-697DCD729B80}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}"
              }
            ],
            "repeated": 0,
            "id": 6255
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6256
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6259
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6262
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6265
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6269
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6271
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6276
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6277
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000534"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6283
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6284
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000534"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6290
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000534"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6296
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6297
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000534"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              }
            ],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6302
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 6304
          },
          {
            "timestamp": "2026-06-28 21:56:17,230",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000534"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6308
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000534"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}"
              }
            ],
            "repeated": 0,
            "id": 6310
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 6311
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6314
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6318
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6320
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6325
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6327
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6332
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6333
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{3B193882-D3AD-4EAB-965A-69829D1FB59F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4EAB-965A-69829D1FB59F}"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6339
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6344
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6345
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6346
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6351
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 6353
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6358
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6360
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6362
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6367
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6374
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x%\\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6376
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 6381
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6382
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000053c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6388
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{1E87508D-89C2-42F0-8A7E-645A0F50CA58}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1E87508D-89C2-42F0-8A7E-645A0F50CA58}"
              }
            ],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6394
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6395
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6400
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 6402
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6406
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6409
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6412
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000538"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000538"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6416
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6423
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6427
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6429
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6430
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00@(\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6432
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6437
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6438
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6442
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 6444
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6448
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6450
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6451
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6452
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6458
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h \\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6465
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6466
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6472
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6473
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6479
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6481
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6483
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xb0'\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6486
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6492
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6493
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6494
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6496
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6498
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A305CE99-F527-492B-8B1A-7E76FA98D6E4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A305CE99-F527-492B-8B1A-7E76FA98D6E4}"
              }
            ],
            "repeated": 0,
            "id": 6500
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6504
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{3D644C9B-1FB8-4F30-9B45-F670235F79C0}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6507
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6512
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6514
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6516
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6519
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6520
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6521
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6522
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6523
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x88(\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6525
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6526
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6528
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6529
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6531
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6533
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6535
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6537
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6538
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6540
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6541
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6542
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6543
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A990AE9F-A03B-4E80-94BC-9912D7504104}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4E80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 6546
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6547
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6548
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6549
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6550
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6553
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6555
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6556
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6561
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6562
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6564
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6566
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6567
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000530"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6571
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6573
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6578
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6579
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6585
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6591
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6592
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6597
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{9E3995AB-1F9C-4F13-B827-48B24B6C7174}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}"
              }
            ],
            "repeated": 0,
            "id": 6599
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6603
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DF7266AC-9274-4867-8D55-3BD661DE872D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DF7266AC-9274-4867-8D55-3BD661DE872D}"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6606
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6609
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000544"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6613
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6614
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6615
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 6617
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 6620
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6621
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 6624
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000550"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6625
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6627
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000550"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 6629
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6633
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6634
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 6636
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000554"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6639
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000554"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              }
            ],
            "repeated": 0,
            "id": 6641
          },
          {
            "timestamp": "2026-06-28 21:56:17,246",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6645
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 6648
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6651
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6655
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6657
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6662
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6663
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6669
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6671
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6673
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6676
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6683
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p'\\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6687
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6690
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6693
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000564"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6697
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6699
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000564"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 6704
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6705
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000564"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6711
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              }
            ],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6717
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6718
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000055c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000055c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6725
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6730
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6732
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6734
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00 '\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6737
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6739
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6743
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6746
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6749
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{190337D1-B8CA-4121-A639-6D472D16972A}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337D1-B8CA-4121-A639-6D472D16972A}"
              }
            ],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6753
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747be08d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x747be0b3",
            "parentcaller": "0x747be9b1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6756
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747be0d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xda\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xd3\\x9c\\xb8u\\x00\\x00\\xdf\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00#\\xbc^&\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\x05\\x00\\x00\\x0c\\xdc\\x08\\x0bp\\x07\\xbbu"
              }
            ],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6760
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747beb42",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6764
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6766
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6767
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747be1ec",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xdb\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00 '\\xe5\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00L\\xdb\\x08\\x0bD&\\xb9u\\xff\\xff\\xff\\xff\\x0c\\x00\\x00\\x00\\x8c\\xdb\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6769
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747beba4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020006",
                "pretty_value": "KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bec1e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6774
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6775
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6777
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6778
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6779
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6781
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6787
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6788
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6793
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              }
            ],
            "repeated": 0,
            "id": 6795
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6796
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6799
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6801
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6802
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6803
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6809
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8#\\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6816
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6817
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6821
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6823
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}"
              }
            ],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6829
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6830
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6835
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 6837
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6841
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6844
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6847
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6851
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6853
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6858
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6859
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6865
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6871
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6872
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6877
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              }
            ],
            "repeated": 0,
            "id": 6879
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6882
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6883
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bd698",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6886
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000568"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747bdebf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6889
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6891
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6893
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xd9\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6900
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x0c\\xd8\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st0\\xd8\\x08\\x0b,\\xd8\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000560"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747ba61c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747ba7ad",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8#\\xe5\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6907
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000574"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73708463",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747ba66b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6914
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-06-28 21:56:17,261",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x009\\x000\\x003\\x001\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00"
              },
              {
                "name": "Length",
                "value": "524"
              }
            ],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd2@\\x08\\xf8v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\xa3z\"\\xf8v\\x07\\xdd\\x01\\xa3z\"\\xf8v\\x07\\xdd\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6921
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6926
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6928
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa0\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00C\\x00o\\x00m\\x00m\\x00o\\x00n\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00F\\x00i\\x00l\\x00e\\x00s\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x00\\\\x00w\\x00a\\x00b\\x003\\x002\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x001\\x000\\x001\\x000\\x000\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00C\\x00o\\x00m\\x00m\\x00o\\x00n\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00F\\x00i\\x00l\\x00e\\x00s\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00"
              },
              {
                "name": "Length",
                "value": "412"
              }
            ],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "E\\x90\\xf7\\xf7v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6935
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6942
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6945
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x92\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x006\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "402"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01\\xfc\\xce\\x00\\xfbv\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6949
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6952
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e62000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6956
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6957
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6963
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x000\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xebS\\x1b\\xf8v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\xff\\xa1)\\xf8v\\x07\\xdd\\x01\\xff\\xa1)\\xf8v\\x07\\xdd\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 6970
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f0bb",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6977
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75baa9ec",
            "parentcaller": "0x7480f158",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90e6c",
            "parentcaller": "0x7480f1a1",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x004\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x7480f1f4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe9\\xb5\\x1d\\xf8v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\xe9\\xb5\\x1d\\xf8v\\x07\\xdd\\x01\\xe9\\xb5\\x1d\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480f20b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7480f215",
            "parentcaller": "0x7480f05c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x7487f9b5",
            "parentcaller": "0x7480f254",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9d52c",
            "parentcaller": "0x7487f9e1",
            "category": "process",
            "api": "NtReadVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 6984
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75ba9071",
            "parentcaller": "0x7487fa0f",
            "category": "process",
            "api": "NtWriteVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a37175"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6985
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c18d3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 6987
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6991
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6998
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000100",
                "pretty_value": "KEY_WOW64_64KEY|0x02000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 7002
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000100",
                "pretty_value": "KEY_WOW64_64KEY|0x02000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b6127",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 7005
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7006
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7008
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b6127",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 7012
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7013
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000554"
              },
              {
                "name": "ObjectAttributesName",
                "value": "UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000554"
              },
              {
                "name": "ObjectAttributesName",
                "value": "UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747b8fb0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7019
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd8\\xcc\\xd7\\xc0\\xd7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xda\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7026
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd8\\xcc\\xd7\\xc0\\xd7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xda\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7033
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd8\\xcc\\xd7\\xc0\\xd7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xda\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd8\\xcc\\xd7\\xc0\\xd7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xda\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747ba92e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 7040
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7041
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7043
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7045
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7047
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f78aa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x747bb6a0",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c3dc4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7052
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 7053
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000554"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 7054
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000568"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000568"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x017\\xa7\\xfd\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\x01\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 7061
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x747e8126",
            "parentcaller": "0x747e6b20",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 7063
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x747e8126",
            "parentcaller": "0x74838450",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b92728",
            "parentcaller": "0x747f100a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000568"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x747f10ac",
            "parentcaller": "0x747f0e26",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000568"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8.\\xdf\\xeev\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfbd\\x01\\x00\\x00\\x00\\x02\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747f0e4c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7068
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x747e8126",
            "parentcaller": "0x74838450",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 7070
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x747c3b1f",
            "parentcaller": "0x747c1757",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7075
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7076
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748129da",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7080
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7374820f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7082
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7083
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7089
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xe3\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xe4\\x04\\xe4\\xf8\\xe3j\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xe6\\x08\\x0b\\xbc^\\xb8uj\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-06-28 21:56:17,277",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73748252",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056a"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 7094
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 7096
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7481708d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x7481715c",
            "parentcaller": "0x748170b0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x748170ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7100
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7103
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xef\\xac\\xef\\xa0\\xefj\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xf2\\x08\\x0b\\xbc^\\xb8uj\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7109
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7110
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xf0,\\xf0 \\xf0V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc8\\xf2\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 7117
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x0c\\xf1\\xbc\\xf0\\xb0\\xf0V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00X\\xf3\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\"
              }
            ],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748175e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 7124
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xf1\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xf2\\x1c\\xf2\\x10\\xf2r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xf4\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xf1\\xd4\\xf0\\xc8\\xf0r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00p\\xf3\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7131
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000572"
              },
              {
                "name": "ObjectAttributesName",
                "value": "shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xf3\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x9c\\xf3L\\xf3@\\xf3V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xe8\\xf5\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\"
              }
            ],
            "repeated": 0,
            "id": 7138
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xf2\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xf34\\xf3(\\xf3b\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xd0\\xf5\\x08\\x0b\\xbc^\\xb8ub\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000574"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\"
              }
            ],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7483fece",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c3b1f",
            "parentcaller": "0x747c1757",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7145
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7146
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 7147
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7148
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7149
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 7150
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8334",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7151
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "edputil.dll"
              }
            ],
            "repeated": 0,
            "id": 7152
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\edputil.dll"
              }
            ],
            "repeated": 0,
            "id": 7153
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\edputil.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 7154
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000578"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\edputil.dll"
              }
            ],
            "repeated": 0,
            "id": 7155
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x736e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7156
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x736f8000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7157
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x736f6000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7158
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x736f6000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7159
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7160
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7161
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x736f6000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7162
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7163
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7164
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x736f6000"
              },
              {
                "name": "ModuleName",
                "value": "edputil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7165
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\edputil"
              },
              {
                "name": "DllBase",
                "value": "0x736e0000"
              }
            ],
            "repeated": 0,
            "id": 7166
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f4dd42",
            "parentcaller": "0x76f51843",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\edputil"
              },
              {
                "name": "BaseAddress",
                "value": "0x736e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x736e47c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7167
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7168
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7169
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7486e63a",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7170
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7486e5a8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8d\\xe6\\x04\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7171
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7486e5c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7172
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7173
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 7174
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8275",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7175
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7176
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 7177
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8334",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7178
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7179
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7180
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7181
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7182
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 7183
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7184
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd4\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffT\\xd7\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0stx\\xd7\\x08\\x0bt\\xd7\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7185
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7186
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000057c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7187
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7188
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7189
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7190
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7191
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7192
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7193
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7194
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000578"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 7195
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7196
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7197
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7198
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7199
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0d92",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7200
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7201
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7202
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7203
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7204
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000580"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 7205
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7206
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd4\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffT\\xd7\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0stx\\xd7\\x08\\x0bt\\xd7\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7207
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7208
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000580"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7209
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7210
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7211
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7212
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7213
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7214
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7215
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7216
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7217
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7218
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7219
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7220
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7221
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7222
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7223
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7224
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000578"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 7225
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7226
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd4\\xd6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xffT\\xd7\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0stx\\xd7\\x08\\x0bt\\xd7\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7227
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7228
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000578"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7229
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 7230
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 7231
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7232
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7233
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7234
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xd8\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7235
          },
          {
            "timestamp": "2026-06-28 21:56:17,293",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 7236
          },
          {
            "timestamp": "2026-06-28 21:56:17,340",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 11,
            "id": 7237
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x747c69db",
            "parentcaller": "0x747c62a0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7238
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7239
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7240
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000057c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7241
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7242
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75ba68b3",
            "parentcaller": "0x75ba6840",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 7243
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75ba67a1",
            "parentcaller": "0x75ba66ad",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 7244
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75ba67f0",
            "parentcaller": "0x75ba66ad",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7245
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75ba67a1",
            "parentcaller": "0x75ba66f3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 7246
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75ba67f0",
            "parentcaller": "0x75ba66f3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7247
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7248
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 7249
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x758a0a86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7250
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7251
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7252
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 7253
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 7254
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7255
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 7256
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\vs_Community_1_.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\vs_Community_1_.exe"
              }
            ],
            "repeated": 0,
            "id": 7257
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7258
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 7259
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x757d0f0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7260
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7261
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 7262
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7588f5b7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 7263
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7588f5d0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7264
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7588f60a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00>\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7265
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7588f635",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 7266
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b94081",
            "parentcaller": "0x757d2447",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 7267
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x757d11a0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7268
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7269
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7270
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7271
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7272
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x757d340e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 7273
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7274
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7275
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7276
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8f5ef",
            "parentcaller": "0x757fa36f",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.3412"
              }
            ],
            "repeated": 0,
            "id": 7277
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8f5ef",
            "parentcaller": "0x75b92e4d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 7278
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7279
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7280
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 7281
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 7282
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7283
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000058e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7284
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xd2\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xd3\\xd4\\xd2\\xc8\\xd2\\x8e\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00p\\xd5\\x08\\x0b\\xbc^\\xb8u\\x8e\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7285
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7286
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000058e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7287
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000592"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7288
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000592"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7289
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xd2\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xd2\\xac\\xd2\\xa0\\xd2\\x92\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xd5\\x08\\x0b\\xbc^\\xb8u\\x92\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7290
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7291
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd35",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000592"
              }
            ],
            "repeated": 0,
            "id": 7292
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058e"
              }
            ],
            "repeated": 0,
            "id": 7293
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7294
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x753bcc42",
            "parentcaller": "0x753bc651",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7295
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 7296
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7297
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "T\\xf2\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7298
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8-\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7299
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7300
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x84G\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7301
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7302
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x02\\xe4\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7303
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x008\\x02\\xe4\\x04\\x00\\x00#\\x00\\xac\\xd6\\xa0\\xd6\\x90\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x90\\x05\\x00\\x00\\xf4\\xd6\\x08\\x0b\\x83\\x91\\xf5v\\x90\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7304
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xe4x\\xa9^\\x9c\\xd1\\x08\\x0b\\x90\\x05\\x00\\x00P\\xe0\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xac\\xd6\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7305
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7306
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D\\xf3\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00m\\x003\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7307
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0%\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00S\\x00a\\x00v\\x00e\\x00d\\x00 \\x00G\\x00a\\x00m\\x00e\\x00s\\x00\\\\x00d\\x00e\\x00s\\x00k\\x00t\\x00o\\x00p\\x00.\\x00i\\x00n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7308
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7309
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1cF\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7310
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7311
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xfc\\xe3\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7312
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x00\\x88\\xfc\\xe3\\x04\\x00\\x00#\\x00\\x94\\xd4\\x88\\xd4\\x90\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x90\\x05\\x00\\x00\\xdc\\xd4\\x08\\x0b\\x83\\x91\\xf5v\\x90\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7313
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xfcz\\xa9^\\x84\\xcf\\x08\\x0b\\x90\\x05\\x00\\x00P\\xe0\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\x94\\xd4\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7314
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 7315
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 7316
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x757d409f",
            "parentcaller": "0x757d3fd2",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7317
          },
          {
            "timestamp": "2026-06-28 21:56:19,808",
            "thread_id": "3348",
            "caller": "0x75b94081",
            "parentcaller": "0x757d4069",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              }
            ],
            "repeated": 0,
            "id": 7318
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000594"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7588cf60"
              },
              {
                "name": "Parameter",
                "value": "0x04e648e8"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4500"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 7319
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000594",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7588cf60"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "Parameter",
                "value": "0x04e648e8"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 7320
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x757d4006",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7321
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7322
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x753bcc42",
            "parentcaller": "0x753bc651",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7323
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7324
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7325
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xed\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00e\\x00d\\x00p\\x00u\\x00t\\x00i\\x00l\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7326
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8-\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7327
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7328
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb4I\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7329
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7330
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "4500",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7331
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x008\\x02\\xe4\\x04\\x00\\x00#\\x00\\xcc\\xd9\\xc0\\xd9\\x9c\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x9c\\x05\\x00\\x00\\x14\\xda\\x08\\x0b\\x83\\x91\\xf5v\\x9c\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7332
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xc4w\\xa9^\\xbc\\xd4\\x08\\x0b\\x9c\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xcc\\xd9\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7333
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7334
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04\\xf7\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00e\\x00d\\x00p\\x00u\\x00t\\x00i\\x00l\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7335
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0.\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7336
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7337
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4F\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7338
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7339
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xec\\xfa\\xe3\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7340
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x00\\xe8\\xfa\\xe3\\x04\\x00\\x00#\\x00\\xb4\\xd7\\xa8\\xd7\\x9c\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x9c\\x05\\x00\\x00\\xfc\\xd7\\x08\\x0b\\x83\\x91\\xf5v\\x9c\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7341
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xdcy\\xa9^\\xa4\\xd2\\x08\\x0b\\x9c\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xb4\\xd7\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7342
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7343
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7344
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7345
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x753bcc42",
            "parentcaller": "0x753bc651",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7346
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7347
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7348
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D\\xf3\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00m\\x003\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7349
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x980\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00:\\x00\t\\x00\\x04\\x00\\xef\\xbe\\xdd\\/\\x1b\\xdc\\\\x08\\xaf.\\x00\\x00\\x00\\x1ae\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xf9\\xd1\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7350
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7351
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "TE\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7352
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7353
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xec\\xfa\\xe3\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7354
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x00\\xe8\\xfa\\xe3\\x04\\x00\\x00#\\x00\\xcc\\xd9\\xc0\\xd9\\x94\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x94\\x05\\x00\\x00\\x14\\xda\\x08\\x0b\\x83\\x91\\xf5v\\x94\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7355
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xc4w\\xa9^\\xbc\\xd4\\x08\\x0b\\x94\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xcc\\xd9\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7356
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7357
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04\\xf7\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00e\\x00d\\x00p\\x00u\\x00t\\x00i\\x00l\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7358
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8)\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00L\\x00i\\x00n\\x00k\\x00s\\x00\\\\x00d\\x00e\\x00s\\x00k\\x00t\\x00o\\x00p\\x00.\\x00i\\x00n\\x00i\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7359
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7360
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14I\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7361
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7362
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x02\\xe4\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7363
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x008\\x02\\xe4\\x04\\x00\\x00#\\x00\\xb4\\xd7\\xa8\\xd7\\x94\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x94\\x05\\x00\\x00\\xfc\\xd7\\x08\\x0b\\x83\\x91\\xf5v\\x94\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7364
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xdcy\\xa9^\\xa4\\xd2\\x08\\x0b\\x94\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xb4\\xd7\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7365
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "4500",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7366
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7367
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7368
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x753bcc42",
            "parentcaller": "0x753bc651",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7369
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7370
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7371
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\xed\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00e\\x00d\\x00p\\x00u\\x00t\\x00i\\x00l\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7372
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@0\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00L\\x00i\\x00n\\x00k\\x00s\\x00\\\\x00d\\x00e\\x00s\\x00k\\x00t\\x00o\\x00p\\x00.\\x00i\\x00n\\x00i\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7373
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7374
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04J\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7375
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7376
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xbc\\xfb\\xe3\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7377
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x00\\xb8\\xfb\\xe3\\x04\\x00\\x00#\\x00\\xcc\\xd9\\xc0\\xd9\\x9c\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x9c\\x05\\x00\\x00\\x14\\xda\\x08\\x0b\\x83\\x91\\xf5v\\x9c\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7378
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xc4w\\xa9^\\xbc\\xd4\\x08\\x0b\\x9c\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xcc\\xd9\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7379
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7380
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D\\xf3\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00m\\x003\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7381
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00(\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00L\\x00i\\x00n\\x00k\\x00s\\x00\\\\x00d\\x00e\\x00s\\x00k\\x00t\\x00o\\x00p\\x00.\\x00i\\x00n\\x00i\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7382
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7383
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1cF\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7384
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7385
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x02\\xe4\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7386
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x008\\x02\\xe4\\x04\\x00\\x00#\\x00\\xb4\\xd7\\xa8\\xd7\\x9c\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x9c\\x05\\x00\\x00\\xfc\\xd7\\x08\\x0b\\x83\\x91\\xf5v\\x9c\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7387
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xdcy\\xa9^\\xa4\\xd2\\x08\\x0b\\x9c\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xb4\\xd7\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7388
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7389
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7390
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7391
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x753bcc42",
            "parentcaller": "0x753bc651",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 7392
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7393
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7394
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D\\xee\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00b\\xee\\xe2\\x04@\\xee\\xe2\\x04d\\xee\\xe2\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEM8\\x00\\x00\\x00\\xb0\\xdc\\x08\\x0b ,\\xee\\x04"
              }
            ],
            "repeated": 0,
            "id": 7395
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`)\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7396
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7397
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x84G\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7398
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7399
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x02\\xe4\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7400
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x008\\x02\\xe4\\x04\\x00\\x00#\\x00\\xcc\\xd9\\xc0\\xd9\\x94\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x94\\x05\\x00\\x00\\x14\\xda\\x08\\x0b\\x83\\x91\\xf5v\\x94\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7401
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xc4w\\xa9^\\xbc\\xd4\\x08\\x0b\\x94\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xcc\\xd9\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7402
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd6A\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7403
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04\\xf7\\xe2\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00e\\x00d\\x00p\\x00u\\x00t\\x00i\\x00l\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7404
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0.\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00L\\x00i\\x00n\\x00k\\x00s\\x00\\\\x00d\\x00e\\x00s\\x00k\\x00t\\x00o\\x00p\\x00.\\x00i\\x00n\\x00i\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7405
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7406
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x94F\\xe6\\x04\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7407
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7408
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xec\\xfa\\xe3\\x04\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 7409
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86_tX\\xa3_t\\x06\\x00\\x00\\x00D\\xa3_t`\\x00\\x00\\x00\\xe8\\xfa\\xe3\\x04\\x00\\x00#\\x00\\xb4\\xd7\\xa8\\xd7\\x94\\x05\\x00\\x00\\xdc\\x07\\x00\\x00\\x00\\x00\\xdf\\x04#\\x00\\x00\\xc0\\x94\\x05\\x00\\x00\\xfc\\xd7\\x08\\x0b\\x83\\x91\\xf5v\\x94\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7410
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfgt\\xe4\\xc6\\xf8\\x06\\xdc\\x07\\xf3\\x06#\\x00\\x00\\xc0\\xbc\\xa9=t\\xdcy\\xa9^\\xa4\\xd2\\x08\\x0b\\x94\\x05\\x00\\x00$\\xec\\x08\\x0b\\x10\\xf4Tt8I\\xc1!\\xfe\\xff\\xff\\xff\\xb4\\xd7\\x08\\x0bv\\x1bAtG\\x00\\x00\\x00\\x8c}_tt\\xa3_t"
              }
            ],
            "repeated": 0,
            "id": 7411
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 7412
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 7413
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f679e9",
            "parentcaller": "0x757d2567",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7414
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e6d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7415
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2856",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000059c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7416
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7417
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7418
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7419
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73763d19",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 7420
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73763b2b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 7421
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73763aaa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 7422
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73763bea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 7423
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73762ffe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 7424
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b8fb07",
            "parentcaller": "0x7374564c",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7425
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x737455b5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7426
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7427
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7428
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x737476b6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 7429
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b94290",
            "parentcaller": "0x737455e8",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 1,
            "id": 7430
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b8fb07",
            "parentcaller": "0x737454c7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:3412:64:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7431
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x737455b5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7432
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7433
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7434
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x737476b6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 7435
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b94290",
            "parentcaller": "0x737455e8",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 1,
            "id": 7436
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7437
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7438
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x75608c21",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 7439
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x755fcda0"
              },
              {
                "name": "Parameter",
                "value": "0x06ab7788"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 7440
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000005b4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x755fcda0"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "Parameter",
                "value": "0x06ab7788"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              }
            ],
            "repeated": 0,
            "id": 7441
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75babca3",
            "parentcaller": "0x755fcd13",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005b4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              },
              {
                "name": "ProcessId",
                "value": "3412"
              }
            ],
            "repeated": 0,
            "id": 7442
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x75623c8a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 7443
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x75609b9f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7444
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7445
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7446
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7447
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7560a1ce",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b0"
              }
            ],
            "repeated": 0,
            "id": 7448
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x756090b3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 7449
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x7562f035",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x000\\xa4\\x00T\r\\x00\\x00@\t\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              }
            ],
            "repeated": 0,
            "id": 7450
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7451
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7452
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7453
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737d4000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7454
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75888234",
            "parentcaller": "0x758863b8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 7455
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75888234",
            "parentcaller": "0x75831959",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 7456
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x758817d7",
            "parentcaller": "0x75831999",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.FileTypeAssociation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation"
              }
            ],
            "repeated": 0,
            "id": 7457
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75881887",
            "parentcaller": "0x75881832",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c0"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00h\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00F\\x00i\\x00l\\x00e\\x00T\\x00y\\x00p\\x00e\\x00A\\x00s\\x00s\\x00o\\x00c\\x00i\\x00a\\x00t\\x00i\\x00o\\x00n\\x00L\\xffee\\xffca\t\\xffde]\\xfff4vT\\xfff3\\xffe2\\x04\\xffde]\\xfff4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xfffb\\xffe4\\x04\\x18\\xfffb\\xffe4\\x04\\x10I\\xffe6\\x04\\x18\\xfffb\\xffe4\\x04\\xff98\\xffee\\xffca\t\\xff84\\x00@t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 @k\\4\\xff82\\xff88u\\x00\\x00\\x00\\x00\\xffb8c\\xff88u<\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffc0\\xffee\\xffca\t\\xff84\\x00@t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00x@k\\4\\xff82\\xff88u\\x00\\x00\\x00\\x00Y\\x19\\xff83u>\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffcb\t\\x00\\x00\\x00\\x00\\xff88\\xffee\\xffca\t/\\xffde?t\\\\xfff9\\xffca\t4\\xff82\\xff88u\\xffd8\\xffbcatY\\x19\\xff83u\\x00\\xffef\\xffca\t\\xffa6\\xffe4?t\\xffd8%_tP@k\\(\\xffea\\xffca\t\\xffd8\\xffbcat\\\\xfff9\\xffca\t\\x10\\xfff4Tt8I\\xffc1!\\xfffe\\xffff\\xffff\\xffffL\\xffef\\xffca\t\\xffdfjAt\\x18\\x00\\x00\\x00\\xffa8\\xffac_t\\xffa0\\xffb2_t\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\xffb2_t\\xffbc\\xffb1_t\\x08\\x00\\xffe6\\x04\\xffd8h_t\\x19\\x01\\x02\\x00d\\xffb2_t\\xffb4\\x05\\x00\\x00L\\xffb2_t\\xffa0\\xffef\\xffca\t\\xffc9\\xff9f\\x02~\\x00&\\xffe5\\x04\\xffb4\\x05\\x00\\x00\\x08\\x00\\xffe6\\x04\\x08\\x00\\x00\\x00(\\xffef\\xffca\t\\x00&\\xffe5\\x04\\\\xfff9\\xffca\t@\\xffad\\xfff7v5\\xffb5\\xffc8\\x00\\xfffe\\xffff\\xffff\\xffff\\xff84\\xffef\\xffca\t;\\xff82\\xff88u\\x00\\x00\\x00\\x00\\xffb4\\x05\\x00\\x00 
F\\xffe6\\x04\\x18\\x00\\x00\\x00\\xffb4\\x05\\x00\\x00\\xffa0\\xffef\\xffca\t@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0b\\xff88u\\xffb8\\xffef\\xffca\tY\\x19\\xff83u\\x19\\x01\\x02\\x00\\x08\\x00\\xffe6\\x04\\x00c\\xff88u\\x00\\x00\\xffe6\\x04\\x18I\\xffe6\\x04$\\x00&\\x00\\x18&\\xffe5\\x04\\xffd4\\xffef\\xffca\t@\\xffa0\\xff82u\\x00B\\xff89u\\x18F\\xffe6\\x04\\xffcc\\xffef\\xffca\t\\x1cc\\xff88u"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7458
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 7459
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7460
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 7461
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75888234",
            "parentcaller": "0x75831959",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 7462
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x758817d7",
            "parentcaller": "0x75831999",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 7463
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75881887",
            "parentcaller": "0x75881832",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\xffb4\\x1f\\xffe5\\x04p\\x1f\\xffe5\\x04\\xfff8D\\xffe6\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff9a\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\xff9a\\x00\\xffcc\\x01\\xff9a\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00t\n\\xff9a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04p\n\\xff9a\\x00\\x08\\xffbfat4\\xffeb\\xffca\t\\xffde]\\xfff4v\\x14\\xfff7\\xffe2\\x04\\xffde]\\xfff4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 '\\xffe5\\x04 '\\xffe5\\x04\\xffe0F\\xffe6\\x04 '\\xffe5\\x04\\xffad[\\xff91u\\xffc0\\xffec\\xffca\t\\xff93\\x0c\\xff83u\\xffa0\\xffff\\xffe5\\x04`\t\\xff83u\\x00\\xfff7\\xffe2\\x04\\xfff4\\x0c\\xff83u\\xffac\\xffeb\\xffca\t\\xffda6Ht\\x00\\xfff7\\xffe2\\x04\\xffa8\\xffeb\\xffca\t\\xff84\\x00@t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10Ek\\4\\xff82\\xff88u\\x00\\x00\\x00\\x00Y\\x19\\xff83u9\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\x00\\x00\\xffcb\t\\x00\\x00\\x00\\x00p\\xffeb\\xffca\t/\\xffde?t\\\\xfff9\\xffca\t4\\xff82\\xff88u\\xffd8\\xffbcatY\\x19\\xff83u\\xffe8\\xffeb\\xffca\t\\xffa6\\xffe4?t\\xffd8%_thEk\\\\x10\\xffe7\\xffca\t\\xffd8\\xffbcat\\\\xfff9\\xffca\t\\x10\\xfff4Tt8I\\xffc1!\\xfffe\\xffff\\xffff\\xffff4\\xffec\\xffca\t\\xffdfjAt\\x18\\x00\\x00\\x00\\xffa8\\xffac_t\\xffa0\\xffb2_t\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff99\\xffb2_t\\xffbc\\xffb1_t\\xffa8\\xffff\\xffe5\\x04\\xffd8h_t\\x19\\x01\\x02\\x00d\\xffb2_t\\xffb4\\x05\\x00\\x00L\\xffb2_t\\xff88\\xffec\\xffca\t\\xffa1\\xff9c\\x02~@\\xffff\\xffe5\\x04\\xffb4\\x05\\x00\\x00\\xffa8\\xffff\\xffe5\\x04\\xffa8\\xffff\\x00\\x00\\x10\\xffec\\xffca\t@\\xffff\\xffe5\\x04\\\\xfff9\\xffca\t@\\xffad\\xfff7v5\\xffb5\\xffc8\\x00\\xfffe\\xffff\\xffff\\xffffl\\xffec\\xffca\t;\\xff82\\xff88u\\x00\\x00\\x00\\x00\\xffb4\\x05\\x00\\x00\\x00\\x00\\x00
\\x00\\x18\\x00\\x00\\x00\\xffb4\\x05\\x00\\x00\\xff88\\xffec\\xffca\t@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff84\\xffec\\xffca\t\\xffa0\\xffec\\xffca\tY\\x19\\xff83u\\x19\\x01\\x02\\x00\\xffa8\\xffff\\xffe5\\x04\\x00c\\xff88u\\xffa0\\xffff\\xffe5\\x04\\xffe8F\\xffe6\\x04\\x0c\\x00\\x0e\\x00X\\xffff\\xffe5\\x04xCvu\\xfff8\\xfffe\\xffe2\\x04\\xffd0\\x17\\xff83u\\x0c\\x18\\xff9au\\xffb4\\xffec\\xffca\t\\x1cc\\xff88u"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7464
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 7465
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7582b908",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 7466
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7582b908",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c0"
              }
            ],
            "repeated": 0,
            "id": 7467
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7468
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x753bb942",
            "parentcaller": "0x753bb8d6",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7469
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7470
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b8f11f",
            "parentcaller": "0x75817b2e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              }
            ],
            "repeated": 0,
            "id": 7471
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75817b40",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75811580"
              }
            ],
            "repeated": 0,
            "id": 7472
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75817b51",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75845790"
              }
            ],
            "repeated": 0,
            "id": 7473
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75817b62",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75844230"
              }
            ],
            "repeated": 0,
            "id": 7474
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75817b73",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75818970"
              }
            ],
            "repeated": 0,
            "id": 7475
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7476
          },
          {
            "timestamp": "2026-06-28 21:56:19,824",
            "thread_id": "2368",
            "caller": "0x75b9fd84",
            "parentcaller": "0x758525c3",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005d4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 7477
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75bab09e",
            "parentcaller": "0x75b9491b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7478
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8fb07",
            "parentcaller": "0x75babec1",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7479
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b94155",
            "parentcaller": "0x75b944d3",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7480
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b940c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 7481
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75bab09e",
            "parentcaller": "0x75b94234",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7482
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b94290",
            "parentcaller": "0x75b94270",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 7483
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889b35",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75845790"
              }
            ],
            "repeated": 0,
            "id": 7484
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889b53",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75844230"
              }
            ],
            "repeated": 0,
            "id": 7485
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889b71",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x757cb600"
              }
            ],
            "repeated": 0,
            "id": 7486
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889b8b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866660"
              }
            ],
            "repeated": 0,
            "id": 7487
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889ba5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866b20"
              }
            ],
            "repeated": 0,
            "id": 7488
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889bbf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7583c970"
              }
            ],
            "repeated": 0,
            "id": 7489
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75889bd9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75818970"
              }
            ],
            "repeated": 0,
            "id": 7490
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x758899e4",
            "parentcaller": "0x76f3101f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7491
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7492
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7493
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7494
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 7495
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 7496
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7497
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7498
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xd8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00D\\xd9\\xf4\\xd8\\xe8\\xd8\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x90\\xdb\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7499
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7500
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7501
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7502
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7503
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd9\\xcc\\xd8\\xc0\\xd8\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xdb\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7504
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7505
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd35",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              }
            ],
            "repeated": 0,
            "id": 7506
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 7507
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7508
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7509
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7510
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7511
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7512
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7513
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xcd\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xcdt\\xcdh\\xcd\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\xd0\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7514
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7515
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7516
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x757fcbd0",
            "parentcaller": "0x757fcb80",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 7517
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7518
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xcc\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xcc\\\\xccP\\xcc\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf8\\xce\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7519
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7520
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7521
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7522
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xcb\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xcc4\\xcc(\\xcc\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xce\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7523
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7524
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7525
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7526
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xcb\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xcc4\\xcc(\\xcc\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xce\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7527
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7528
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7529
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7530
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xcc\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x14\\xcd\\xc4\\xcc\\xb8\\xcc\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00`\\xcf\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7531
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7532
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7533
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7534
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7535
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xcb\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xcc\\xdc\\xcb\\xd0\\xcb\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xce\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7536
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7537
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7538
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7539
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xcb\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xcc\\x04\\xcc\\xf8\\xcb\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xce\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7540
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7541
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7542
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7543
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xcb\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xcc\\x04\\xcc\\xf8\\xcb\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xce\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7544
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7545
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7546
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7547
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xcb\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x0c\\xcc\\xbc\\xcb\\xb0\\xcb\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02X\\xce\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7548
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7549
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fd74c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              }
            ],
            "repeated": 0,
            "id": 7550
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7551
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7552
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xcc\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xcc\\\\xccP\\xcc\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf8\\xce\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7553
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7554
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7555
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7556
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7557
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xcc\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xac\\xcc\\\\xccP\\xcc\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf8\\xce\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7558
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7559
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7560
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fc97c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 7561
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7562
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7563
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7564
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7565
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7566
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7567
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7568
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7569
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xc9\\x1c\\xc9\\x10\\xc9\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb8\\xcb\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7570
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7571
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7572
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x757fcbd0",
            "parentcaller": "0x757fcb80",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 7573
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7574
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc8\\x04\\xc8\\xf8\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7575
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7576
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7577
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7578
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xc8\\xdc\\xc7\\xd0\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7579
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7580
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7581
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7582
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xc8\\xdc\\xc7\\xd0\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7583
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7584
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7585
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7586
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xc8l\\xc8`\\xc8\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x08\\xcb\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7587
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7588
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 7589
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7590
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7591
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xc7\\x84\\xc7x\\xc7\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xca\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7592
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7593
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7594
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7595
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc7\\xac\\xc7\\xa0\\xc7\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xca\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7596
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7597
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7598
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7599
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xc7\\xac\\xc7\\xa0\\xc7\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xca\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7600
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7601
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7602
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7603
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "(\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xb4\\xc7d\\xc7X\\xc7\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xca\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7604
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 7605
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fd74c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              }
            ],
            "repeated": 0,
            "id": 7606
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7607
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7608
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc8\\x04\\xc8\\xf8\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7609
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7610
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 7611
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7612
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7613
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xc8\\x04\\xc8\\xf8\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xa0\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7614
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7615
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 7616
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7617
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7618
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xc8\\xb4\\xc7\\xa8\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00P\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7619
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 7620
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 7621
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7622
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7623
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xc6\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xc74\\xc7(\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xc9\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7624
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              }
            ],
            "repeated": 0,
            "id": 7625
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7626
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7627
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc7\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xc7l\\xc7`\\xc7\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x08\\xca\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7628
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 7629
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 7630
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7631
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7632
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7633
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7634
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7635
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7636
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xc8l\\xc8`\\xc8\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x08\\xcb\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7637
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 7638
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005e2"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 7639
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7587cad3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              }
            ],
            "repeated": 0,
            "id": 7640
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fc97c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 7641
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7642
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7643
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7644
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 7645
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7646
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7647
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd6\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xd6\\x94\\xd6\\x88\\xd6\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x000\\xd9\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7648
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7649
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 7650
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x758117e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 7651
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7652
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7653
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x73640000"
              }
            ],
            "repeated": 0,
            "id": 7654
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73640000"
              }
            ],
            "repeated": 0,
            "id": 7655
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826101",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73640000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x736bc840"
              }
            ],
            "repeated": 0,
            "id": 7656
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826113",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73640000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 7657
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826130",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73640000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x736bc820"
              }
            ],
            "repeated": 0,
            "id": 7658
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7659
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7660
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 7661
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 7662
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7663
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7664
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xd8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xd9\\xb4\\xd8\\xa8\\xd8\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00P\\xdb\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7665
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7666
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7667
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7668
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7669
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xd8\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xd8\\x8c\\xd8\\x80\\xd8\\xe2\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xdb\\xca\t\\xbc^\\xb8u\\xe2\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7670
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7671
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd35",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e2"
              }
            ],
            "repeated": 0,
            "id": 7672
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 7673
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x758383c5",
            "parentcaller": "0x75838242",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7674
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f561ea",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 7675
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f56211",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e0"
              }
            ],
            "repeated": 0,
            "id": 7676
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x753bb942",
            "parentcaller": "0x753bb8d6",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7677
          },
          {
            "timestamp": "2026-06-28 21:56:19,840",
            "thread_id": "2368",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7678
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7679
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7680
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 7681
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 7682
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7683
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005de"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7684
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xdf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xe04\\xe0(\\xe0\\xde\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xd0\\xe2\\xca\t\\xbc^\\xb8u\\xde\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7685
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7686
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005de"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7687
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7688
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e6"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7689
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xdf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\\\xe0\\x0c\\xe0\\x00\\xe0\\xe6\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa8\\xe2\\xca\t\\xbc^\\xb8u\\xe6\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7690
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 7691
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd35",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e6"
              }
            ],
            "repeated": 0,
            "id": 7692
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005de"
              }
            ],
            "repeated": 0,
            "id": 7693
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7694
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7695
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x755fd75f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x000\\xa4\\x00T\r\\x00\\x00@\t\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              }
            ],
            "repeated": 0,
            "id": 7696
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7697
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7698
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "2368",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7699
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers"
              }
            ],
            "repeated": 0,
            "id": 7700
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7701
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7702
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe"
              }
            ],
            "repeated": 0,
            "id": 7703
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7704
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7705
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7706
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7707
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties"
              }
            ],
            "repeated": 0,
            "id": 7708
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties"
              }
            ],
            "repeated": 0,
            "id": 7709
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7710
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7711
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7712
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7713
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7714
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7715
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7716
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xe9\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xea4\\xea(\\xea\\xea\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xec\\x08\\x0b\\xbc^\\xb8u\\xea\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7717
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7718
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7719
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7720
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xe9\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xea4\\xea(\\xea\\xea\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xec\\x08\\x0b\\xbc^\\xb8u\\xea\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7721
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7722
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7723
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7724
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7725
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7726
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7727
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7728
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7729
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xe9\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xea4\\xea(\\xea\\xea\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xec\\x08\\x0b\\xbc^\\xb8u\\xea\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7730
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7731
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7732
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7733
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xe9\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x84\\xea4\\xea(\\xea\\xea\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xd0\\xec\\x08\\x0b\\xbc^\\xb8u\\xea\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7734
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 7735
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7489218a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ea"
              }
            ],
            "repeated": 0,
            "id": 7736
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7737
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 7738
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 7739
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7481bdff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7740
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x73759a5f",
            "parentcaller": "0x747e9d08",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7741
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7742
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 7743
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 7744
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748129da",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7745
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7746
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7747
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xe7\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xe7|\\xe7p\\xe7r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x18\\xea\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7748
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 7749
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7750
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7751
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xf0<\\xf00\\xf0r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd8\\xf2\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7752
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 7753
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000572"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 7754
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 7755
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 7756
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\urlmon.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 7757
          },
          {
            "timestamp": "2026-06-28 21:56:19,855",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 7758
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73490000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x001a8000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7759
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7760
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735cf000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7761
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735cf000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7762
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7763
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7764
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735cf000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7765
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 7766
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "netutils.dll"
              }
            ],
            "repeated": 0,
            "id": 7767
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 7768
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7769
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 7770
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srvcli.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 7771
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 7772
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73470000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7773
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7348a000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7774
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73489000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7775
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73489000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7776
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7777
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7778
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73489000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7779
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 7780
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7781
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\netutils.dll"
              }
            ],
            "repeated": 0,
            "id": 7782
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\netutils.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 7783
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\netutils.dll"
              }
            ],
            "repeated": 0,
            "id": 7784
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73460000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7785
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73468000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7786
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73468000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7787
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7788
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7789
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73468000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7790
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 7791
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 7792
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73489000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7793
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735cf000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7794
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50eba",
            "parentcaller": "0x76f50d02",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00R\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00a\\x00t\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00c\\x00a\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00c\\x00r\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00t\\x00\\\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00o\\x00w\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00c\\x00h\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00v\\x00e\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00n\\x00s\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7795
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73468000"
              },
              {
                "name": "ModuleName",
                "value": "netutils.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7796
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\srvcli"
              },
              {
                "name": "DllBase",
                "value": "0x73470000"
              }
            ],
            "repeated": 0,
            "id": 7797
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x73460000"
              }
            ],
            "repeated": 0,
            "id": 7798
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\urlmon"
              },
              {
                "name": "DllBase",
                "value": "0x73490000"
              }
            ],
            "repeated": 0,
            "id": 7799
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7800
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters"
              }
            ],
            "repeated": 0,
            "id": 7801
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73474433",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 7802
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73474433",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\srvcli"
              },
              {
                "name": "BaseAddress",
                "value": "0x73470000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73474cb0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7803
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4dd42",
            "parentcaller": "0x76f51843",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\netutils"
              },
              {
                "name": "BaseAddress",
                "value": "0x73460000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73462d00"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7804
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ab8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7805
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8f11f",
            "parentcaller": "0x734b684d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 7806
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x734b6868",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsMultiSessionSku"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f2d810"
              }
            ],
            "repeated": 0,
            "id": 7807
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7808
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7809
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\urlmon"
              },
              {
                "name": "BaseAddress",
                "value": "0x73490000"
              },
              {
                "name": "InitRoutine",
                "value": "0x73513170"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7810
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7811
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7812
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73fa79f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 7813
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73fa7a0f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetDeviceFamilyInfoEnum"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6b9c0"
              }
            ],
            "repeated": 0,
            "id": 7814
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f6ba44",
            "parentcaller": "0x73fa7a2a",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Kernel-OneCore-DeviceFamilyID"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 7815
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8f218",
            "parentcaller": "0x73fa7acb",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "3412"
              }
            ],
            "repeated": 0,
            "id": 7816
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7400b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7817
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7400b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7818
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x73fa7ba2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 7819
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73fb19be",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7820
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73fb19f3",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00B\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7821
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73fa7bc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 7822
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8f218",
            "parentcaller": "0x73fa7acb",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "3412"
              }
            ],
            "repeated": 0,
            "id": 7823
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x73fb2b67",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 7824
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73fb2b80",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "t\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00T\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\xef\\x08\\x0b\\xcbz\\xfas\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xfaz\\xfas\\x00\\x00\\x00\\x00\\xa8:\\x00t"
              }
            ],
            "repeated": 0,
            "id": 7825
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73fb2bac",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 7826
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x73fa7018",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 7827
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73fa702d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsImmersiveProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62930"
              }
            ],
            "repeated": 0,
            "id": 7828
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75ba86f8",
            "parentcaller": "0x73fa7d4d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "182"
              }
            ],
            "repeated": 0,
            "id": 7829
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x73fa7e0d",
            "parentcaller": "0x73fa7d9b",
            "category": "filesystem",
            "api": "GetDiskFreeSpaceExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Windows\\system32"
              }
            ],
            "repeated": 0,
            "id": 7830
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x73fa7ed2",
            "parentcaller": "0x73fa7e95",
            "category": "filesystem",
            "api": "GetDiskFreeSpaceExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Windows"
              }
            ],
            "repeated": 0,
            "id": 7831
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x73fa9085",
            "parentcaller": "0x73fabce6",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "35"
              }
            ],
            "repeated": 0,
            "id": 7832
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7833
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 7834
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7835
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 7836
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 7837
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x73fa7ba2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 7838
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73fb19be",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7839
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73fb19f3",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " C\\xe6\\x04`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7840
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73fa7bc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 7841
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x73fa8958",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 7842
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73fa6921",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7843
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73fa898f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 7844
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7845
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 7846
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7847
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000060c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 7848
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7849
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 7850
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e74000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7851
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7852
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 7853
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7854
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000610"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 7855
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7856
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000614"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 7857
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7858
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000618"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 7859
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7860
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 7861
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7862
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 7863
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 7864
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7865
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 7866
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7867
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 7868
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7869
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 7870
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7871
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 7872
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562"
              }
            ],
            "repeated": 0,
            "id": 7873
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION"
              }
            ],
            "repeated": 0,
            "id": 7874
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_URI_DISABLECACHE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE"
              }
            ],
            "repeated": 0,
            "id": 7875
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7400b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7876
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7400b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7877
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7878
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7879
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xf1\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xf2\\xd4\\xf1\\xc8\\xf1V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02p\\xf4\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7880
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 7881
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7882
          },
          {
            "timestamp": "2026-06-28 21:56:19,871",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7883
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\urlmon.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73490000"
              }
            ],
            "repeated": 0,
            "id": 7884
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76214cca",
            "parentcaller": "0x76214c64",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7885
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610"
              }
            ],
            "repeated": 0,
            "id": 7886
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b9db61",
            "parentcaller": "0x73fb0656",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "msiso.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73fb0763"
              }
            ],
            "repeated": 0,
            "id": 7887
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_LOCALMACHINE_LOCKDOWN"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN"
              }
            ],
            "repeated": 0,
            "id": 7888
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73fa6ed4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 7889
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7890
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 7891
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "KeyInformation",
                "value": "s\\xff820 }\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 7892
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73faa6ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 7893
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 7894
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7895
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 7896
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000062c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 7897
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73faa374",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 7898
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000630"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 7899
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73faa374",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 7900
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7901
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7902
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x74188b03",
            "parentcaller": "0x7418dc25",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 7903
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000063c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\UrlZonesSM_Rajesh"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7904
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x734b751f",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000063c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08f1d0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7905
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7906
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\Setup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\Setup"
              }
            ],
            "repeated": 0,
            "id": 7907
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c1694",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 7908
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7909
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7910
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 7911
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c15f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 7912
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 7913
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c15f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 7914
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 7915
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c15f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 7916
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 7917
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c15f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 7918
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 7919
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c15f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 7920
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x734c15ff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 7921
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7922
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7923
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7924
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7925
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7926
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7927
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7928
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7929
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7930
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7931
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7932
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 7933
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7934
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8fb07",
            "parentcaller": "0x75b8fa24",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              },
              {
                "name": "MutexName",
                "value": "Local\\ZonesCacheCounterMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7935
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7936
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 7937
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7938
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 7939
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7940
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 7941
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7942
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 7943
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7944
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 7945
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 7946
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 7947
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7948
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7949
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 7950
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7951
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 7952
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7953
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 7954
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7955
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 7956
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7957
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 7958
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7959
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7960
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 7961
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "ProxyBypass"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass"
              }
            ],
            "repeated": 0,
            "id": 7962
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "IntranetName"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
              }
            ],
            "repeated": 0,
            "id": 7963
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "UNCAsIntranet"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet"
              }
            ],
            "repeated": 0,
            "id": 7964
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "ValueName",
                "value": "AutoDetect"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "0"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
              }
            ],
            "repeated": 0,
            "id": 7965
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 7966
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 7967
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 7968
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 7969
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7970
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 7971
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7972
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 7973
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7974
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 7975
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7976
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 7977
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7978
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 7979
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 7980
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 7981
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 7982
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7983
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 7984
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7985
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 7986
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7987
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 7988
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7989
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 7990
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7991
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 7992
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 7993
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 7994
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 7995
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7996
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 7997
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 7998
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 7999
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8000
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8001
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8002
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8003
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8004
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8005
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8006
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 8007
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 8008
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8009
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8010
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 8011
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8012
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 8013
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8014
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 8015
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8016
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 8017
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8018
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 8019
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8020
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 8021
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8022
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8fb07",
            "parentcaller": "0x75b8fa24",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              },
              {
                "name": "MutexName",
                "value": "Local\\ZonesLockedCacheCounterMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8023
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8024
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8025
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8026
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8027
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8028
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8029
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8030
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8031
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8032
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8033
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8034
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8035
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8036
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8037
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 8038
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8039
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 8040
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8041
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 8042
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8043
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 8044
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8045
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 8046
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8047
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 8048
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "ProxyBypass"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass"
              }
            ],
            "repeated": 0,
            "id": 8049
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "IntranetName"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
              }
            ],
            "repeated": 0,
            "id": 8050
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "UNCAsIntranet"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet"
              }
            ],
            "repeated": 0,
            "id": 8051
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b86ba5",
            "parentcaller": "0x75b8341e",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "ValueName",
                "value": "AutoDetect"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "0"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
              }
            ],
            "repeated": 0,
            "id": 8052
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8053
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8054
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8055
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 8056
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8057
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 8058
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8059
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 8060
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8061
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 8062
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8063
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 8064
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8065
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 8066
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8067
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8068
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8069
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8070
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 8071
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8072
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 8073
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8074
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 8075
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8076
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 8077
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8078
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 8079
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8080
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8081
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8082
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8083
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8084
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8085
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8086
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8087
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8088
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8089
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8090
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8091
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 8092
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8093
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8094
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b846c0",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 8095
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8096
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 8097
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x73fa5c8d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "PathCreateFromUrlW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b882b0"
              }
            ],
            "repeated": 0,
            "id": 8098
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000"
              }
            ],
            "repeated": 0,
            "id": 8099
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8100
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8101
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8102
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8103
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xe2\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8104
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8105
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8106
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8107
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1c\\xe0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x9c\\xe0\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\xc0\\xe0\\x08\\x0b\\xbc\\xe0\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8108
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8109
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8110
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8111
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8112
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8113
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8114
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x747bb6a0",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              }
            ],
            "repeated": 0,
            "id": 8115
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c3dc4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8116
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x747c01d7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8117
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x747c021e",
            "parentcaller": "0x747c3baa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8118
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x747c02da",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xe2\\x08\\x0b`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8119
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000344"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8120
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8121
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7484bb07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8122
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1c\\xe0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x9c\\xe0\\x08\\x0b\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\xc0\\xe0\\x08\\x0b\\xbc\\xe0\\x08\\x0b\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8123
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8124
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8125
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7487f6eb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8126
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x747c0a47",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8127
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747c0b40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8128
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x747bb6a0",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 8129
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x74884771",
            "parentcaller": "0x747c3dc4",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8130
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x75ba4088",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8131
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x75ba4097",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8132
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba421d",
            "parentcaller": "0x734c0f92",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e309f8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 8133
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba4678",
            "parentcaller": "0x75ba4235",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8134
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba421d",
            "parentcaller": "0x734c0f92",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e309f8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeedf2ef8"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 8135
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba4678",
            "parentcaller": "0x75ba4235",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8136
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba421d",
            "parentcaller": "0x734c0f92",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e309f8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee3f58c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 8137
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba4678",
            "parentcaller": "0x75ba4235",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8138
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba421d",
            "parentcaller": "0x734c0f92",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e306b8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee655e5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 8139
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba4678",
            "parentcaller": "0x75ba4235",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8140
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba421d",
            "parentcaller": "0x734c0f92",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e309f8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee655e5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 8141
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75ba4678",
            "parentcaller": "0x75ba4235",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8142
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x75ba40b3",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8143
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8144
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
              }
            ],
            "repeated": 0,
            "id": 8145
          },
          {
            "timestamp": "2026-06-28 21:56:19,886",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a"
              }
            ],
            "repeated": 0,
            "id": 8146
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 8147
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 8148
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              }
            ],
            "repeated": 0,
            "id": 8149
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 8150
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x734bff53",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 8151
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b78e93",
            "parentcaller": "0x75b78e42",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8152
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b78e6e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8153
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73fb4173",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8154
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8155
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8156
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x76212413",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8157
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x76212420",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8158
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x7621243a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8159
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8160
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8161
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x76212413",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8162
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x76212420",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8163
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x7621243a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 8164
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92da9",
            "parentcaller": "0x76212420",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe:Zone.Identifier"
              }
            ],
            "repeated": 0,
            "id": 8165
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b91571",
            "parentcaller": "0x7621243a",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8166
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8167
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735d3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8168
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b9db61",
            "parentcaller": "0x73fb0656",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "msiso.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73fb0763"
              }
            ],
            "repeated": 0,
            "id": 8169
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000620"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_PROTOCOL_LOCKDOWN"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN"
              }
            ],
            "repeated": 0,
            "id": 8170
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x73fa6ed4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8171
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8172
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8173
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8174
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 8175
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82abb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8176
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b82aeb",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8177
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8178
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8179
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xf1\\xec\\xf0\\xe0\\xf0V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xf3\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8180
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8181
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8182
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8183
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8184
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xc4\\xf0t\\xf0h\\xf0R\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x10\\xf3\\x08\\x0b\\xbc^\\xb8uR\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8185
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8186
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000652"
              }
            ],
            "repeated": 0,
            "id": 8187
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8188
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8189
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x004\\xf1\\xe4\\xf0\\xd8\\xf0V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x80\\xf3\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8190
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\DropTarget"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\DropTarget"
              }
            ],
            "repeated": 0,
            "id": 8191
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DropTarget"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\DropTarget"
              }
            ],
            "repeated": 0,
            "id": 8192
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8193
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8194
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8195
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748129da",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8196
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8197
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8198
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8199
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8200
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x7568db55",
            "parentcaller": "0x7568b5be",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers"
              }
            ],
            "repeated": 0,
            "id": 8201
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x7568b613",
            "parentcaller": "0x7568b530",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 8202
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8203
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8204
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xed\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xedT\\xedH\\xedV\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xf0\\xef\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8205
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8206
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8207
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8208
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8209
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xec\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xed,\\xed \\xedR\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc8\\xef\\x08\\x0b\\xbc^\\xb8uR\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8210
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8211
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7561ec39",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000652"
              }
            ],
            "repeated": 0,
            "id": 8212
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8213
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8214
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00d\\xe7\\x14\\xe7\\x08\\xe7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb0\\xe9\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8215
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8216
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8217
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8218
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8219
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xec\\xe6\\x9c\\xe6\\x90\\xe6R\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x028\\xe9\\x08\\x0b\\xbc^\\xb8uR\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8220
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8221
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f7b27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000652"
              }
            ],
            "repeated": 0,
            "id": 8222
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8223
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8224
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00d\\xe7\\x14\\xe7\\x08\\xe7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb0\\xe9\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8225
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8226
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8227
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8228
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000652"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8229
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xec\\xe6\\x9c\\xe6\\x90\\xe6R\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x028\\xe9\\x08\\x0b\\xbc^\\xb8uR\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8230
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8231
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f7b27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000652"
              }
            ],
            "repeated": 0,
            "id": 8232
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x764308bd",
            "parentcaller": "0x7642ce43",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8233
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8234
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8235
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8236
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x764a16ea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8237
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8238
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8239
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8240
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748129da",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8241
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8242
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8243
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8244
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748129da",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8245
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x7481708d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8246
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x7481715c",
            "parentcaller": "0x748170b0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8247
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x748170ef",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8248
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8249
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8250
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8251
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 8252
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 8253
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.exe"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8254
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8255
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xed\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbc\\xedl\\xed`\\xedN\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08\\xf0\\x08\\x0b\\xbc^\\xb8uN\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8256
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\.exe"
              }
            ],
            "repeated": 0,
            "id": 8257
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8258
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8259
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8260
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 8261
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 8262
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000642"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8263
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000642"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8264
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xed\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xee\\xec\\xed\\xe0\\xedB\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x88\\xf0\\x08\\x0b\\xbc^\\xb8uB\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8265
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 8266
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000642"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CurVer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer"
              }
            ],
            "repeated": 0,
            "id": 8267
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000642"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8268
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000642"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8269
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xee\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xee|\\xeep\\xeeB\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x18\\xf1\\x08\\x0b\\xbc^\\xb8uB\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8270
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 8271
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000642"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\"
              }
            ],
            "repeated": 0,
            "id": 8272
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748175e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000642"
              }
            ],
            "repeated": 0,
            "id": 8273
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000656"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8274
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000656"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8275
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xe4\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xe4\\xa4\\xe4\\x98\\xe4V\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00@\\xe7\\x08\\x0b\\xbc^\\xb8uV\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8276
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Progid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Progid"
              }
            ],
            "repeated": 0,
            "id": 8277
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000656"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Progid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Progid"
              }
            ],
            "repeated": 0,
            "id": 8278
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8279
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\ProgIDs\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\ProgIDs\\exefile"
              }
            ],
            "repeated": 0,
            "id": 8280
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064e"
              }
            ],
            "repeated": 0,
            "id": 8281
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000656"
              }
            ],
            "repeated": 0,
            "id": 8282
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8283
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8284
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8285
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8286
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8287
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8288
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8289
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8290
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8291
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8292
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8293
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8294
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8295
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8296
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8297
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8298
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8299
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8300
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8301
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f8789",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8302
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x748896b1",
            "parentcaller": "0x7488965f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8303
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x7488975b",
            "parentcaller": "0x74889701",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8304
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x748896d9",
            "parentcaller": "0x7488965f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8305
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8306
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8307
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8308
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8309
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x748896b1",
            "parentcaller": "0x7488965f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8310
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x7488975b",
            "parentcaller": "0x74889701",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8311
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x748896d9",
            "parentcaller": "0x7488965f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8312
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8313
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8314
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xf1$\\xf1\\x18\\xf1V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0\\xf3\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8315
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 8316
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8317
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8318
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xf1$\\xf1\\x18\\xf1V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0\\xf3\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8319
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 8320
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8321
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 8322
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000654"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 8323
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7482326c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8324
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x748232a4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8325
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x74842797",
            "parentcaller": "0x74842761",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8326
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x748427cf",
            "parentcaller": "0x74842761",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd4\\x93\\xe7\\x04 \\x00 \\x00\\xec\\x93\\xe7\\x04\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x94\\xe7\\x04T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd7A\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8327
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73890000"
              }
            ],
            "repeated": 0,
            "id": 8328
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x7483f004",
            "parentcaller": "0x74840a24",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F1C46D71-B791-4110-8D5C-7108F22C1010"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8A43ED9F-F4E6-4421-ACF9-1DAB2986820C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8329
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8330
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8331
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x758817d7",
            "parentcaller": "0x75831999",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.PropertyValue"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue"
              }
            ],
            "repeated": 0,
            "id": 8332
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75881887",
            "parentcaller": "0x75881832",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "KeyInformation",
                "value": "<\\x1d\\x1c\\xffce}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00@\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00V\\x00a\\x00l\\x00u\\x00e\\x00\\x05\\x00\\x00\\x00\\x00\\x00\\xff9a\\x00\\xffcc\\x01\\xff9a\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00t\n\\xff9a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04p\n\\xff9a\\x00 \\x00\\x00\\x00\\xfffc\\xffed\\x08\\x0b\\xffde]\\xfff4vD\\xfff9\\xffe2\\x04\\xffde]\\xfff4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfffc\\xffe3\\x04 \\xfffc\\xffe3\\x04\\x00\\x00\\xffb9\\x06\\xff88\\xffef\\x08\\x0b#\\x0c\\xff83u\\x02\\x00\\x00\\x00\\xff93\\x0c\\xff83uT\\x18\\xff9au`\t\\xff83u0\\xfff9\\xffe2\\x04\\xfff4\\x0c\\xff83ud\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xfff9\\xffe2\\x04\\x01\\x00\\x00\\x00T\\x18\\xff9au\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\t\\xff83u\\xfff0\\xff86\\xff89u\\x00\\x00\\x00\\x00\\xfff4\\xffef\\x08\\x0b\\xff92q\\xfff4v\\xfff8\\x0c\\xffe3\\x04i\\xff9f\\xffc0|\\x00\\x00\\xffb9\\x06\\xffb6\\x00\\x00\\x00\\xff90\\xfff0\\x08\\x0b \\xfffc\\xffe3\\x04\\x00\\x00\\x00\\x008\\xfffb\\xff99u\\x00\\x00\\x00\\x00\\xffd8I\\xffe6\\x04\\xffe4\\xfff2\\x08\\x0b\\xffa8\\xffef\\x08\\x0b\\xfff0X\\xffe2\\x04 \\x00\\x00\\x00\t\\x00#\\x00(\\xffef\\x08\\x0b\\xffdc\\xfffd\\xffe2\\x04 \\x00\\x00\\x00\t\\x00#\\x008\\xffef\\x08\\x0b\\xffd4\\xffed\\xffe2\\x040\\xffef\\x08\\x0b\\x7fb\\xfff4vb\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\xffd0\\x07\\xff9a\\x00d\\x00\\x00\\x00\\xffb4\\x1f\\xffe5\\x04P\\x00\\x00\\x00\\xffd0\\x07\\xff9a\\x00d\\x00\\x00\\x00\\xffc8\\xfffd\\xffe2\\x04P\\x00\\x00\\x00\\x00\\x00\\x00\\x00X_\\xffe2\\x04\\xffc0\\xffed\\xffe2\\x04\\x00\\x00\\x00\\x00\\xfff8\\x0c\\xffe3\\x04\\xfff8\\x0c\\xffe3\\x04\\x00\\x00\\x00\\x00 
\\xfffc\\xffe3\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xff9a\\x00\\xffe0\\x01\\xff9a\\x00\\x00\\x00\\x00\\x00D\\x00\\x00\\x00|\\x0c\\xff9a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04x\\x0c\\xff9a\\x00\\xffde]\\xfff4vP\\xffef\\x08\\x0b\\xffde]\\xfff4v\\xfff8\\x0c\\xffe3\\x04\\xffde]\\xfff4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xfffc\\xffe3\\x04\\xfff8\\x0c\\xffe3\\x040\\xfff9\\xffe2\\x04 \\xfffc\\xffe3\\x04\\xff84\\xffef\\x08\\x0b@\\xffa0\\xff82uH\\xfff9\\xffe2\\x04\\xfff8\\x0c\\xffe3\\x040\\xff9f\\xff82u\\xfff8\\x0c\\xffe3\\x04"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8333
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 8334
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e7a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8335
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7582b908",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8336
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73890000"
              }
            ],
            "repeated": 0,
            "id": 8337
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826101",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73890000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738fe670"
              }
            ],
            "repeated": 0,
            "id": 8338
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826113",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73890000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738ff990"
              }
            ],
            "repeated": 0,
            "id": 8339
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826130",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73890000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73904370"
              }
            ],
            "repeated": 0,
            "id": 8340
          },
          {
            "timestamp": "2026-06-28 21:56:19,902",
            "thread_id": "3348",
            "caller": "0x758383c5",
            "parentcaller": "0x75838242",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8341
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8f218",
            "parentcaller": "0x74844a28",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "3412"
              }
            ],
            "repeated": 0,
            "id": 8342
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8343
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8344
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x74842a82",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8345
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x7484296b",
            "parentcaller": "0x74842872",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8346
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x748429a7",
            "parentcaller": "0x74842872",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xbc\\xa5\\xe7\\x04 \\x00 \\x00\\xd4\\xa5\\xe7\\x04\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xf8\\xa5\\xe7\\x04T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd7A\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8347
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x74842883",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8348
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x74844aa6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8349
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8f218",
            "parentcaller": "0x74842673",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "3412"
              }
            ],
            "repeated": 0,
            "id": 8350
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b92644",
            "parentcaller": "0x74842a82",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8351
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x7484296b",
            "parentcaller": "0x74842872",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8352
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x748429a7",
            "parentcaller": "0x74842872",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xbc\\xa5\\xe7\\x04 \\x00 \\x00\\xd4\\xa5\\xe7\\x04\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xf8\\xa5\\xe7\\x04T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd7A\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8353
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x74842883",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8354
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7484269e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8355
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8f218",
            "parentcaller": "0x74842584",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00001000",
                "pretty_value": "PROCESS_QUERY_LIMITED_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "3412"
              }
            ],
            "repeated": 0,
            "id": 8356
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x748425c7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8357
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x758383c5",
            "parentcaller": "0x75838242",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8358
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8359
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8360
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xe5\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x0c\\xe6\\xbc\\xe5\\xb0\\xe5r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02X\\xe8\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8361
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 8362
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8363
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8364
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xee\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xee|\\xeep\\xeer\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x18\\xf1\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8365
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 8366
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000572"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 8367
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8368
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8369
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8370
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7481bdff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8371
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8372
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{66742402-F9B9-11D1-A202-0000F81FEDEE}"
              }
            ],
            "repeated": 0,
            "id": 8373
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8374
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8375
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8376
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8377
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8378
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x747e7614",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76320000"
              }
            ],
            "repeated": 0,
            "id": 8379
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x747e7653",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76320000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x764582f0"
              }
            ],
            "repeated": 0,
            "id": 8380
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8381
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8382
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b84343",
            "parentcaller": "0x75b84121",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffd0\\x14\\xffde$\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 8383
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7481bdff",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8384
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b78e93",
            "parentcaller": "0x75b78e42",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8385
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b78e6e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8386
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9fd84",
            "parentcaller": "0x755fee90",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000064c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000654"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8387
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x755fefeb",
            "parentcaller": "0x755fbad3",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000654"
              },
              {
                "name": "IoControlCode",
                "value": "0x00090240"
              },
              {
                "name": "InBuffer",
                "value": "\\x01\\x00\\x0c\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8388
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x75623c8a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8389
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8feda",
            "parentcaller": "0x7647fa1d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8390
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f4539b",
            "parentcaller": "0x75b90a7e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8391
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8392
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b2a",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8393
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b73",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00068000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8394
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bcb",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 8395
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bd2",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8396
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8ff33",
            "parentcaller": "0x7647fa1d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8397
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8efec",
            "parentcaller": "0x75b8fffb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8398
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8ed45",
            "parentcaller": "0x7647fa45",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8399
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f4539b",
            "parentcaller": "0x75b90a7e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8400
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8401
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b2a",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8402
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b73",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00068000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8403
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bcb",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 8404
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bd2",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8405
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8ed83",
            "parentcaller": "0x7647fa45",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8406
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8efec",
            "parentcaller": "0x75b8eeae",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8407
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8feda",
            "parentcaller": "0x7647fa1d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8408
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f4539b",
            "parentcaller": "0x75b90a7e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8409
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8410
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b2a",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8411
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b73",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00068000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8412
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bcb",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 8413
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bd2",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8414
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8ff33",
            "parentcaller": "0x7647fa1d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8415
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8efec",
            "parentcaller": "0x75b8fffb",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8416
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8ed45",
            "parentcaller": "0x7647fa45",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8417
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f4539b",
            "parentcaller": "0x75b90a7e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8418
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8419
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b2a",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8420
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90b73",
            "parentcaller": "0x75b907d7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00068000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8421
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bcb",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 8422
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90bd2",
            "parentcaller": "0x75b907d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8423
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8ed83",
            "parentcaller": "0x7647fa45",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8424
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b8efec",
            "parentcaller": "0x75b8eeae",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b3a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8425
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7560077e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8426
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x75600794",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 8427
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x76f32546",
            "parentcaller": "0x76f31f50",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 8428
          },
          {
            "timestamp": "2026-06-28 21:56:19,918",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Bcp47Langs"
              },
              {
                "name": "DllBase",
                "value": "0x73390000"
              }
            ],
            "repeated": 0,
            "id": 8429
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\sppc"
              },
              {
                "name": "DllBase",
                "value": "0x73320000"
              }
            ],
            "repeated": 0,
            "id": 8430
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SLC"
              },
              {
                "name": "DllBase",
                "value": "0x73370000"
              }
            ],
            "repeated": 0,
            "id": 8431
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x73340000"
              }
            ],
            "repeated": 0,
            "id": 8432
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\appresolver"
              },
              {
                "name": "DllBase",
                "value": "0x733e0000"
              }
            ],
            "repeated": 0,
            "id": 8433
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\appresolver.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x733e0000"
              }
            ],
            "repeated": 0,
            "id": 8434
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x73406a6f",
            "parentcaller": "0x734142d0",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8435
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x74840ac4",
            "parentcaller": "0x7483e5b8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "21CBC515-2DDE-4D66-8292-BA34BD25094A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8436
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x734155a4",
            "parentcaller": "0x734161d5",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8437
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e548",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 1,
            "id": 8438
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.3"
              }
            ],
            "repeated": 0,
            "id": 8439
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro"
              }
            ],
            "repeated": 0,
            "id": 8440
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x7375de75",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000688"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08e73c"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8441
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002f.db"
              }
            ],
            "repeated": 0,
            "id": 8442
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x73752e49",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000690"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08f5e4"
              },
              {
                "name": "ViewSize",
                "value": "0x0001b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8443
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x73413ca7",
            "parentcaller": "0x73416564",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8444
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xf3\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf6B\\xb91\\xfe\\xff\\xff\\xff\\x84\\xf3\\x08\\x0b(\\x12\\x9a\\x00h\\x00\\x00\\x00\\xd0\\x07\\x9a\\x00d\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\x00\\x00\\x00\\x98\\xa8\\xf7\\x06\\x10a\\xe2\\x04"
              }
            ],
            "repeated": 0,
            "id": 8445
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75b81199",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8446
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000694"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068c"
              },
              {
                "name": "ObjectAttributesName",
                "value": ""
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\"
              }
            ],
            "repeated": 0,
            "id": 8447
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000694"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Control Panel\\International\\User Profile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile"
              }
            ],
            "repeated": 0,
            "id": 8448
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x7339e537",
            "parentcaller": "0x733b5898",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068c"
              }
            ],
            "repeated": 0,
            "id": 8449
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x733d3000"
              },
              {
                "name": "ModuleName",
                "value": "Bcp47Langs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8450
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x733d3000"
              },
              {
                "name": "ModuleName",
                "value": "Bcp47Langs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8451
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x733a4fec",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 8452
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x733a4ffa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 8453
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xee\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x7f\\x00\\x01\\x00p\\x02\\xb9\\x06\\xa0\\xb4\\xb9\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00p\\x02\\xb9\\x06_\\x82\\xf7\\x060\\xef\\x01\\x01\\x00\\x00\\x00\\x00D\\xf4\\x08\\x0b"
              }
            ],
            "repeated": 0,
            "id": 8454
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75b81199",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000694"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8455
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9530a",
            "parentcaller": "0x75b7c6d8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000694"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Control Panel\\International\\Geo"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo"
              }
            ],
            "repeated": 0,
            "id": 8456
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9533d",
            "parentcaller": "0x75b7c6d8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000694"
              }
            ],
            "repeated": 0,
            "id": 8457
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b7c758",
            "parentcaller": "0x73413d20",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 8458
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e548",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 8459
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.3"
              }
            ],
            "repeated": 0,
            "id": 8460
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9285d",
            "parentcaller": "0x7375e294",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.3.ro"
              }
            ],
            "repeated": 0,
            "id": 8461
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9da9b",
            "parentcaller": "0x7375de75",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000698"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x0b08e774"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8462
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x737601d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 8463
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x737601e1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8464
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x73760107",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000690"
              }
            ],
            "repeated": 0,
            "id": 8465
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x73760122",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8466
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7375e548",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 8467
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x737601d2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 8468
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x737601e1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8469
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8470
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8471
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x75608c21",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00p\\xa3\\x00T\r\\x00\\x00\\x14\r\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 8472
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "3348",
            "caller": "0x75b911a9",
            "parentcaller": "0x756090b3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8473
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "2368",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8474
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "2368",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8475
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "2368",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x7562f035",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x000\\xa4\\x00T\r\\x00\\x00@\t\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              }
            ],
            "repeated": 0,
            "id": 8476
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "2368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8477
          },
          {
            "timestamp": "2026-06-28 21:56:20,027",
            "thread_id": "2368",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x732e0000"
              }
            ],
            "repeated": 0,
            "id": 8478
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x732e0000"
              }
            ],
            "repeated": 0,
            "id": 8479
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x748d2746",
            "parentcaller": "0x748d2d81",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8480
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x753bb942",
            "parentcaller": "0x753bb8d6",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8481
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75442000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8482
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75442000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8483
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x753bbd8a",
            "parentcaller": "0x753bb912",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8484
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8485
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8486
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8487
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              }
            ],
            "repeated": 0,
            "id": 8488
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              }
            ],
            "repeated": 0,
            "id": 8489
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8490
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8491
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xe0\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00d\\xe1\\x14\\xe1\\x08\\xe1\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xb0\\xe3\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8492
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8493
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8494
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8495
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8496
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xe0\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xe1\\xec\\xe0\\xe0\\xe0\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xe3\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8497
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8498
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd35",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000692"
              }
            ],
            "repeated": 0,
            "id": 8499
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7580fd41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              }
            ],
            "repeated": 0,
            "id": 8500
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8501
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8502
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8503
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8504
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8505
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8506
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xd5\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xe4\\xd5\\x94\\xd5\\x88\\xd5\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x000\\xd8\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8507
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8508
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8509
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x757fcbd0",
            "parentcaller": "0x757fcb80",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 8510
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8511
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd4\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xd4|\\xd4p\\xd4\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x18\\xd7\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8512
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8513
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8514
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8515
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd4\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xd4T\\xd4H\\xd4\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf0\\xd6\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8516
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8517
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8518
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8519
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xd4\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xd4T\\xd4H\\xd4\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf0\\xd6\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8520
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8521
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8522
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8523
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xd4\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x004\\xd5\\xe4\\xd4\\xd8\\xd4\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x80\\xd7\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8524
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8525
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8526
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8527
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8528
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xd3\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xd4\\xfc\\xd3\\xf0\\xd3\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xd6\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8529
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8530
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8531
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8532
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xd3\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xd4$\\xd4\\x18\\xd4\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0\\xd6\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8533
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8534
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8535
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8536
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xd3\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xd4$\\xd4\\x18\\xd4\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0\\xd6\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8537
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8538
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8539
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8540
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xd3\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00,\\xd4\\xdc\\xd3\\xd0\\xd3\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02x\\xd6\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8541
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8542
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fd74c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000692"
              }
            ],
            "repeated": 0,
            "id": 8543
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8544
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8545
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd4\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xd4|\\xd4p\\xd4\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x18\\xd7\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8546
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8547
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8548
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8549
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8550
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xd4\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xd4|\\xd4p\\xd4\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x18\\xd7\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8551
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8552
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8553
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fc97c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              }
            ],
            "repeated": 0,
            "id": 8554
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8555
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8556
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8557
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8558
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8559
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8560
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8561
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8562
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xd1\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x8c\\xd1<\\xd10\\xd1\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xd8\\xd3\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8563
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8564
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8565
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x757fcbd0",
            "parentcaller": "0x757fcb80",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 1,
            "id": 8566
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8567
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xd0$\\xd0\\x18\\xd0\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8568
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8569
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8570
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8571
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xd0\\xfc\\xcf\\xf0\\xcf\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8572
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8573
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8574
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8575
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xd0\\xfc\\xcf\\xf0\\xcf\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8576
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8577
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8578
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8579
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xd0\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xd0\\x8c\\xd0\\x80\\xd0\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00(\\xd3\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8580
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8581
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8582
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8583
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8584
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xf4\\xcf\\xa4\\xcf\\x98\\xcf\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02@\\xd2\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8585
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8586
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8587
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8588
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd0\\xcc\\xcf\\xc0\\xcf\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xd2\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8589
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8590
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8591
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8592
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd0\\xcc\\xcf\\xc0\\xcf\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xd2\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8593
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8594
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8595
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8596
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xcf\\x84\\xcfx\\xcf\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xd2\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8597
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8598
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fd74c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000692"
              }
            ],
            "repeated": 0,
            "id": 8599
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8600
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8601
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xd0$\\xd0\\x18\\xd0\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8602
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8603
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8604
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8605
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8606
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00t\\xd0$\\xd0\\x18\\xd0\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc0\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8607
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8608
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8609
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8610
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8611
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xd0\\xd4\\xcf\\xc8\\xcf\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00p\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8612
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 8613
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 8614
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8615
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8616
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xcfT\\xcfH\\xcf\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf0\\xd1\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8617
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8618
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8619
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8620
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xcf\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xcf\\x8c\\xcf\\x80\\xcf\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00(\\xd2\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8621
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 8622
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 8623
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8624
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000035a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8625
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000035a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8626
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8627
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8628
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000692"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8629
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xd0\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xd0\\x8c\\xd0\\x80\\xd0\\x92\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00(\\xd3\\xca\t\\xbc^\\xb8u\\x92\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8630
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 8631
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000692"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Elevation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 8632
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7587cad3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000692"
              }
            ],
            "repeated": 0,
            "id": 8633
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x757fc97c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              }
            ],
            "repeated": 0,
            "id": 8634
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8635
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000336"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8636
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000336"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8637
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 8638
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8639
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000068a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8640
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xde\\xca\t\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xdf\\xb4\\xde\\xa8\\xde\\x8a\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00P\\xe1\\xca\t\\xbc^\\xb8u\\x8a\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8641
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8642
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000068a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8643
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x758117e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000068a"
              }
            ],
            "repeated": 0,
            "id": 8644
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8645
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8646
          },
          {
            "timestamp": "2026-06-28 21:56:20,043",
            "thread_id": "2368",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x72f30000"
              }
            ],
            "repeated": 0,
            "id": 8647
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75b90766",
            "parentcaller": "0x75826163",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f30000"
              }
            ],
            "repeated": 0,
            "id": 8648
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826101",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72f30000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7324aa10"
              }
            ],
            "repeated": 0,
            "id": 8649
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826113",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72f30000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8650
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75b9800a",
            "parentcaller": "0x75826130",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72f30000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7324aa80"
              }
            ],
            "repeated": 0,
            "id": 8651
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e7e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8652
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x758817d7",
            "parentcaller": "0x75831999",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005bc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.Streams.DataWriter"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter"
              }
            ],
            "repeated": 0,
            "id": 8653
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75881887",
            "parentcaller": "0x75881832",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000688"
              },
              {
                "name": "KeyInformation",
                "value": "?\t(\\xffce}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00D\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00r\\x00e\\x00a\\x00m\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00W\\x00r\\x00i\\x00t\\x00e\\x00r\\x00\\x00\\x00\\xff9a\\x00\\xffcc\\x01\\xff9a\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00t\n\\xff9a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04p\n\\xff9a\\x00\\x00\\x00\\x00\\x00\\xff84\\xffec\\xffca\t\\xffde]\\xfff4v\\x14\\xffcd\\xffe7\\x04\\xffde]\\xfff4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff88\\xffb1\\xffe7\\x04\\xff88\\xffb1\\xffe7\\x04\\xffe8\\xffec\\xffe7\\x04\\x10\\xffee\\xffca\t#\\x0c\\xff83u\\x02\\x00\\x00\\x00\\xff93\\x0c\\xff83uT\\x18\\xff9au`\t\\xff83u\\x00\\xffcd\\xffe7\\x04\\xfff4\\x0c\\xff83u\\x13\\xffdf\\xff84u\\xffb8\\xffef\\xffca\t\\x00\\xffcd\\xffe7\\x04\\x01\\x00\\x00\\x00T\\x18\\xff9au \\xffa9\\xffe7\\x04@\\x00\\x00\\x00\\xffe8\\xffec\\xffe7\\x04`\t\\xff83u\\xfff0\\xff86\\xff89u\\x06\\x00\\x00\\x00x,\\xffe5\\x04\\xffde]\\xfff4v8\r\\xffe3\\x04\\x00\\x00\\x00\\x00\\x08\\xffcf\\xffe5\\x04\\x06\\xffea\\x0bV\\x00\\x00\\x00\\x00\\xff88\\xffb1\\xffe7\\x04\\xff90\\xffe3\\xff84u8\\xfffb\\xff99u\\xffc0\\xffa5\\xffe6\\x04PJ\\xffe6\\x04\\xff80\t\\xff9a\\x00\\xff80\t\\xff9a\\x00`O\\x02w \\x00\\x00\\x00\\x04\\x007\\x00\\xffb0\\xffed\\xffca\t\\xffdc\\xfffd\\xffe2\\x04 \\x00\\x00\\x000\\x00\\x0c\\x00\\xffc0\\xffed\\xffca\t\\xffd4\\xffc8\\xffe7\\x04\\xffb8\\xffed\\xffca\t\\x7fb\\xfff4v6\\x00\\x00\\x00 
\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04\\x00\\x00\\x00\\x00\\xff80\t\\xff9a\\x00@\\x00\\x00\\x00\\xffd0\\x07\\xff9a\\x00d\\x00\\x00\\x00\\x1c\\xffc8\\xffe0\\x04P\\x00\\x00\\x00\\xffd0\\x07\\xff9a\\x00d\\x00\\x00\\x00\\xffc8\\xfffd\\xffe2\\x04P\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe86\\xffe6\\x04\\xffc0\\xffc8\\xffe7\\x04\\x00\\x00\\x00\\x008\r\\xffe3\\x048\r\\xffe3\\x04\\x00\\x00\\x00\\x00\\xff88\\xffb1\\xffe7\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\xff9a\\x00\\xffe0\\x01\\xff9a\\x00\\x00\\x00\\x00\\x00D\\x00\\x00\\x00|\\x0c\\xff9a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffdf\\x04x\\x0c\\xff9a\\x00\\xffde]\\xfff4v\\xffd8\\xffed\\xffca\t\\xffde]\\xfff4v8\r\\xffe3\\x04\\xffde]\\xfff4v\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff88\\xffb1\\xffe7\\x048\r\\xffe3\\x04\\x00\\xffcd\\xffe7\\x04\\xff88\\xffb1\\xffe7\\x04\\x0c\\xffee\\xffca\t@\\xffa0\\xff82u\\x18\\xffcd\\xffe7\\x048\r\\xffe3\\x040\\xff9f\\xff82u8\r\\xffe3\\x04"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8654
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000688"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CustomAttributes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 8655
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75b8696b",
            "parentcaller": "0x7582b908",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 8656
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x73901acc",
            "parentcaller": "0x738ed105",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8657
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x758383c5",
            "parentcaller": "0x758343ce",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 5,
            "id": 8658
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "2368",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x755fd75f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x000\\xa4\\x00T\r\\x00\\x00@\t\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              }
            ],
            "repeated": 0,
            "id": 8659
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f561ea",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8660
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f56211",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8661
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8662
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8663
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8664
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Applications\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8665
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8666
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8667
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8668
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8669
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8670
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x75b8fe16",
            "parentcaller": "0x7489d088",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc000007c",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "12"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8671
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8672
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8673
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MPR.dll"
              }
            ],
            "repeated": 0,
            "id": 8674
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mpr.dll"
              }
            ],
            "repeated": 0,
            "id": 8675
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mpr.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8676
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000064c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\mpr.dll"
              }
            ],
            "repeated": 0,
            "id": 8677
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000654"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8678
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f26000"
              },
              {
                "name": "ModuleName",
                "value": "MPR.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8679
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f24000"
              },
              {
                "name": "ModuleName",
                "value": "MPR.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8680
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f24000"
              },
              {
                "name": "ModuleName",
                "value": "MPR.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8681
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8682
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8683
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f24000"
              },
              {
                "name": "ModuleName",
                "value": "MPR.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8684
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 8685
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000064c"
              }
            ],
            "repeated": 0,
            "id": 8686
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f24000"
              },
              {
                "name": "ModuleName",
                "value": "MPR.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8687
          },
          {
            "timestamp": "2026-06-28 21:56:20,058",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MPR"
              },
              {
                "name": "DllBase",
                "value": "0x72f10000"
              }
            ],
            "repeated": 0,
            "id": 8688
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8689
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder"
              }
            ],
            "repeated": 0,
            "id": 8690
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8691
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "system\\CurrentControlSet\\control\\NetworkProvider\\ProviderOrder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\control\\NetworkProvider\\ProviderOrder"
              }
            ],
            "repeated": 0,
            "id": 8692
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\mpr"
              },
              {
                "name": "BaseAddress",
                "value": "0x72f10000"
              },
              {
                "name": "InitRoutine",
                "value": "0x72f13540"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8693
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8694
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8695
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b759c2",
            "parentcaller": "0x72f13d63",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 8696
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a25",
            "parentcaller": "0x72f13d63",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 8697
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75ba90ee",
            "parentcaller": "0x75b75a44",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 8698
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a7a",
            "parentcaller": "0x72f13d63",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8699
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a85",
            "parentcaller": "0x72f13d63",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 8700
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b759c2",
            "parentcaller": "0x72f13d63",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 8701
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a25",
            "parentcaller": "0x72f13d63",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 8702
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75ba90ee",
            "parentcaller": "0x75b75a44",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 8703
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a7a",
            "parentcaller": "0x72f13d63",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8704
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a85",
            "parentcaller": "0x72f13d63",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 8705
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b759c2",
            "parentcaller": "0x72f13d63",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\"
              }
            ],
            "repeated": 0,
            "id": 8706
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a25",
            "parentcaller": "0x72f13d63",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 8707
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75ba90ee",
            "parentcaller": "0x75b75a44",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 8708
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a7a",
            "parentcaller": "0x72f13d63",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8709
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x75b75a85",
            "parentcaller": "0x72f13d63",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 8710
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8711
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8712
          },
          {
            "timestamp": "2026-06-28 21:56:20,074",
            "thread_id": "2856",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8713
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x748a3f26",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 8714
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "pcacli.dll"
              }
            ],
            "repeated": 0,
            "id": 8715
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\pcacli.dll"
              }
            ],
            "repeated": 0,
            "id": 8716
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e155",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\pcacli.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8717
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e155",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006a0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\pcacli.dll"
              }
            ],
            "repeated": 0,
            "id": 8718
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72ef0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8719
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f50087",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72efd000"
              },
              {
                "name": "ModuleName",
                "value": "pcacli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8720
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f500b5",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72efd000"
              },
              {
                "name": "ModuleName",
                "value": "pcacli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8721
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8722
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8723
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72efd000"
              },
              {
                "name": "ModuleName",
                "value": "pcacli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8724
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e155",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 8725
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e155",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 8726
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72efd000"
              },
              {
                "name": "ModuleName",
                "value": "pcacli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8727
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\pcacli"
              },
              {
                "name": "DllBase",
                "value": "0x72ef0000"
              }
            ],
            "repeated": 0,
            "id": 8728
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b90766",
            "parentcaller": "0x72ef4819",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 8729
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x72ef482d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetNtSystemRoot"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f401e0"
              }
            ],
            "repeated": 0,
            "id": 8730
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x72ef49cb",
            "parentcaller": "0x72ef4585",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags"
              }
            ],
            "repeated": 0,
            "id": 8731
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x72ef4a7b",
            "parentcaller": "0x72ef4585",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 8732
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b94081",
            "parentcaller": "0x72ef4db5",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-eventing-provider-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 8733
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b9800a",
            "parentcaller": "0x72ef4dca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f30ab0"
              }
            ],
            "repeated": 0,
            "id": 8734
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b8ef86",
            "parentcaller": "0x72ef4df2",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\pcacli"
              },
              {
                "name": "BaseAddress",
                "value": "0x72ef0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x72ef58f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8735
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8736
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8737
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75bac408",
            "parentcaller": "0x72ef3bec",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "1"
              },
              {
                "name": "ThreadInformation",
                "value": "\t\\xc1\\xef\\xf1H\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0%&\\x00\\x00\\x00\\x00\\x00\\x84\\xd7\\x17\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 8738
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8739
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002d8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 8740
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8741
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 8742
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 8743
          },
          {
            "timestamp": "2026-06-28 21:56:20,199",
            "thread_id": "3348",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8744
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75babca3",
            "parentcaller": "0x7489707d",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000660"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1712"
              },
              {
                "name": "ProcessId",
                "value": "3236"
              }
            ],
            "repeated": 0,
            "id": 8745
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8746
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8747
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xf0\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00L\\xf1\\xfc\\xf0\\xf0\\xf0V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x98\\xf3\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8748
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 8749
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9fd84",
            "parentcaller": "0x74841475",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000065c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8750
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8751
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8752
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8753
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Applications\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8754
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8755
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8756
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8757
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\xe7\\xec\\xe6\\xe0\\xe6r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\xe9\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8758
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile"
              }
            ],
            "repeated": 0,
            "id": 8759
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8760
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8761
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xef\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x04\\xf0\\xb4\\xef\\xa8\\xefr\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00P\\xf2\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8762
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 8763
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000572"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 8764
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8765
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8766
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xe7\\x1c\\xe7\\x10\\xe7V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb8\\xe9\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8767
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 8768
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8769
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8770
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00d\\xe7\\x14\\xe7\\x08\\xe7r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb0\\xe9\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8771
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 8772
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000572"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Application"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application"
              }
            ],
            "repeated": 0,
            "id": 8773
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8774
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8775
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\xe3\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x94\\xe3D\\xe38\\xe3V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xe0\\xe5\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8776
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8777
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000556"
              },
              {
                "name": "ObjectAttributesName",
                "value": "command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8778
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8779
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b2"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8780
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xe2\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xe3\\xcc\\xe2\\xc0\\xe2\\xb2\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02h\\xe5\\x08\\x0b\\xbc^\\xb8u\\xb2\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8781
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas\\command"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command"
              }
            ],
            "repeated": 0,
            "id": 8782
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x755f7b27",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b2"
              }
            ],
            "repeated": 0,
            "id": 8783
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8784
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8785
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000036a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8786
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000036a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Applications\\%1.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Applications\\%1.exe"
              }
            ],
            "repeated": 0,
            "id": 8787
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Applications\\%1.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Applications\\%1.exe"
              }
            ],
            "repeated": 0,
            "id": 8788
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b7ad0e",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8789
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8790
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xe6\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00|\\xe7,\\xe7 \\xe7r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xc8\\xe9\\x08\\x0b\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8791
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\Progid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Progid"
              }
            ],
            "repeated": 0,
            "id": 8792
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b86068",
            "parentcaller": "0x75b7ad2b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000572"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Progid"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Progid"
              }
            ],
            "repeated": 0,
            "id": 8793
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8623b",
            "parentcaller": "0x75b82213",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8794
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85ebc",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000556"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8795
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f538d9",
            "parentcaller": "0x75b86104",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xf1\\x08\\x0b\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xdc\\xf1\\x8c\\xf1\\x80\\xf1V\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(\\xf4\\x08\\x0b\\xbc^\\xb8uV\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8796
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b85f55",
            "parentcaller": "0x75b82249",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\exefile\\shell\\runas"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas"
              }
            ],
            "repeated": 0,
            "id": 8797
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x74841027",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 8798
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x74841033",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 8799
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7484103f",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8800
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x7621302b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000576"
              }
            ],
            "repeated": 0,
            "id": 8801
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75818b43",
            "parentcaller": "0x758189c5",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8802
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056a"
              }
            ],
            "repeated": 0,
            "id": 8803
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000572"
              }
            ],
            "repeated": 0,
            "id": 8804
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x75625244",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000556"
              }
            ],
            "repeated": 0,
            "id": 8805
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x747d568e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 8806
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f32546",
            "parentcaller": "0x76f31f50",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              }
            ],
            "repeated": 0,
            "id": 8807
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480d42e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 8808
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x74884cf2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 8809
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f32546",
            "parentcaller": "0x76f31f50",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 8810
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x7480d42e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 8811
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8696b",
            "parentcaller": "0x74884cf2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 8812
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3636",
            "caller": "0x00c89b58",
            "parentcaller": "0x00c894ed",
            "category": "process",
            "api": "ShellExecuteExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FilePath",
                "value": "vs_bootstrapper_d15\\vs_setup_bootstrapper.exe "
              },
              {
                "name": "Parameters",
                "value": "  --env \"_SFX_CAB_EXE_PACKAGE:C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\\Users\\Rajesh\\AppData\\Local\\Temp\""
              },
              {
                "name": "Show",
                "value": "5",
                "pretty_value": "SW_SHOW"
              }
            ],
            "repeated": 0,
            "id": 8813
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b8f11f",
            "parentcaller": "0x758069c0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              }
            ],
            "repeated": 0,
            "id": 8814
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x75bab545",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3348"
              }
            ],
            "repeated": 0,
            "id": 8815
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x760b45ae",
            "parentcaller": "0x760b442c",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8816
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb380",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 8817
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb402",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8818
          },
          {
            "timestamp": "2026-06-28 21:56:21,715",
            "thread_id": "3348",
            "caller": "0x76f6b509",
            "parentcaller": "0x75bab545",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8819
          },
          {
            "timestamp": "2026-06-28 21:56:21,730",
            "thread_id": "3636",
            "caller": "0x00c89c11",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "100"
              }
            ],
            "repeated": 49,
            "id": 8820
          },
          {
            "timestamp": "2026-06-28 21:56:28,621",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8821
          },
          {
            "timestamp": "2026-06-28 21:56:28,621",
            "thread_id": "5088",
            "caller": "0x00c8a8f0",
            "parentcaller": "0x00c8a80b",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 8822
          },
          {
            "timestamp": "2026-06-28 21:56:28,621",
            "thread_id": "5088",
            "caller": "0x00c8a8f0",
            "parentcaller": "0x00c8a80b",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000e04de"
              },
              {
                "name": "Message",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8823
          },
          {
            "timestamp": "2026-06-28 21:56:28,621",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8824
          },
          {
            "timestamp": "2026-06-28 21:56:28,621",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 8825
          },
          {
            "timestamp": "2026-06-28 21:56:28,621",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 8826
          },
          {
            "timestamp": "2026-06-28 21:56:28,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 8827
          },
          {
            "timestamp": "2026-06-28 21:56:28,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8828
          },
          {
            "timestamp": "2026-06-28 21:56:28,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8829
          },
          {
            "timestamp": "2026-06-28 21:56:28,652",
            "thread_id": "5088",
            "caller": "0x00c8a80b",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              }
            ],
            "repeated": 0,
            "id": 8830
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "5088",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x7514fa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "5088"
              }
            ],
            "repeated": 0,
            "id": 8831
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "3636",
            "caller": "0x00c8a71f",
            "parentcaller": "0x00c894ed",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000e04de"
              },
              {
                "name": "Message",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 8832
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "3636",
            "caller": "0x00c8a731",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8833
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "5088",
            "caller": "0x760b45ae",
            "parentcaller": "0x760b442c",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8834
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "5088",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb380",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 8835
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "5088",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb402",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 8836
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "5088",
            "caller": "0x76f6b509",
            "parentcaller": "0x7514fa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8837
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "3636",
            "caller": "0x00c8a773",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000027c"
              }
            ],
            "repeated": 0,
            "id": 8838
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "3636",
            "caller": "0x00c8a783",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000278"
              }
            ],
            "repeated": 0,
            "id": 8839
          },
          {
            "timestamp": "2026-06-28 21:56:28,699",
            "thread_id": "3636",
            "caller": "0x00c89c37",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8840
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x75b9106a",
            "parentcaller": "0x7560a1ce",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a8"
              }
            ],
            "repeated": 0,
            "id": 8841
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x75b8f11f",
            "parentcaller": "0x758069c0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              }
            ],
            "repeated": 0,
            "id": 8842
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x75b9106a",
            "parentcaller": "0x7560a1ce",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ac"
              }
            ],
            "repeated": 0,
            "id": 8843
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x75bab545",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2368"
              }
            ],
            "repeated": 0,
            "id": 8844
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x75b9106a",
            "parentcaller": "0x7580cd3f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 8845
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x760b45ae",
            "parentcaller": "0x760b442c",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8846
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb380",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 8847
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb402",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8848
          },
          {
            "timestamp": "2026-06-28 21:56:50,074",
            "thread_id": "2368",
            "caller": "0x76f6b509",
            "parentcaller": "0x75bab545",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8849
          },
          {
            "timestamp": "2026-06-28 21:57:14,152",
            "thread_id": "508",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "508"
              }
            ],
            "repeated": 0,
            "id": 8850
          },
          {
            "timestamp": "2026-06-28 21:57:14,152",
            "thread_id": "508",
            "caller": "0x76f6b509",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8851
          },
          {
            "timestamp": "2026-06-28 21:57:14,168",
            "thread_id": "3628",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3628"
              }
            ],
            "repeated": 0,
            "id": 8852
          },
          {
            "timestamp": "2026-06-28 21:57:14,168",
            "thread_id": "3628",
            "caller": "0x76f6b509",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8853
          },
          {
            "timestamp": "2026-06-28 21:57:14,715",
            "thread_id": "2856",
            "caller": "0x753c8108",
            "parentcaller": "0x753c7fbd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002cc"
              }
            ],
            "repeated": 0,
            "id": 8854
          },
          {
            "timestamp": "2026-06-28 21:57:23,199",
            "thread_id": "4500",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8855
          },
          {
            "timestamp": "2026-06-28 21:58:28,168",
            "thread_id": "2856",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2856"
              }
            ],
            "repeated": 0,
            "id": 8856
          },
          {
            "timestamp": "2026-06-28 21:58:28,168",
            "thread_id": "2856",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb380",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8857
          },
          {
            "timestamp": "2026-06-28 21:58:28,168",
            "thread_id": "2856",
            "caller": "0x75b9106a",
            "parentcaller": "0x753cb402",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8858
          },
          {
            "timestamp": "2026-06-28 21:58:28,168",
            "thread_id": "2856",
            "caller": "0x76f6b509",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8859
          },
          {
            "timestamp": "2026-06-28 21:58:28,168",
            "thread_id": "2736",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2736"
              }
            ],
            "repeated": 0,
            "id": 8860
          },
          {
            "timestamp": "2026-06-28 21:58:28,168",
            "thread_id": "2736",
            "caller": "0x76f6b509",
            "parentcaller": "0x76f3603c",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8861
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c89c4c",
            "parentcaller": "0x00c894ed",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ac"
              }
            ],
            "repeated": 0,
            "id": 8862
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8f215",
            "parentcaller": "0x00c89c5d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100020",
                "pretty_value": "FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 8863
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8f215",
            "parentcaller": "0x00c89c5d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000274"
              }
            ],
            "repeated": 0,
            "id": 8864
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c592",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 8865
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 8866
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 8867
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 8868
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000398"
              }
            ],
            "repeated": 0,
            "id": 8869
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 8870
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 8871
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 8872
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a4"
              }
            ],
            "repeated": 0,
            "id": 8873
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 8874
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 8875
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 8876
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 8877
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003bc"
              }
            ],
            "repeated": 0,
            "id": 8878
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 8879
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 8880
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c8"
              }
            ],
            "repeated": 0,
            "id": 8881
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c4"
              }
            ],
            "repeated": 0,
            "id": 8882
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              }
            ],
            "repeated": 0,
            "id": 8883
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 8884
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              }
            ],
            "repeated": 0,
            "id": 8885
          },
          {
            "timestamp": "2026-06-28 21:58:44,996",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 8886
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d8"
              }
            ],
            "repeated": 0,
            "id": 8887
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 8888
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ec"
              }
            ],
            "repeated": 0,
            "id": 8889
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e4"
              }
            ],
            "repeated": 0,
            "id": 8890
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f4"
              }
            ],
            "repeated": 0,
            "id": 8891
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 8892
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 8893
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 8894
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 8895
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 8896
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 8897
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000420"
              }
            ],
            "repeated": 0,
            "id": 8898
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000424"
              }
            ],
            "repeated": 0,
            "id": 8899
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              }
            ],
            "repeated": 0,
            "id": 8900
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000418"
              }
            ],
            "repeated": 0,
            "id": 8901
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 8902
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 8903
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 8904
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 8905
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000043c"
              }
            ],
            "repeated": 0,
            "id": 8906
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 8907
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000438"
              }
            ],
            "repeated": 0,
            "id": 8908
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 8909
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 8910
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 8911
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 8912
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 8913
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000464"
              }
            ],
            "repeated": 0,
            "id": 8914
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 8915
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 8916
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8c557",
            "parentcaller": "0x00c8952c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 8917
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\cabinet"
              },
              {
                "name": "DllBase",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 8918
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8919
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8920
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8921
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09540000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8922
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\COMCTL32"
              },
              {
                "name": "DllBase",
                "value": "0x740d0000"
              }
            ],
            "repeated": 0,
            "id": 8923
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8924
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8925
          },
          {
            "timestamp": "2026-06-28 21:58:45,011",
            "thread_id": "3636",
            "caller": "0x00c8b98d",
            "parentcaller": "0x00c9e00a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x740d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 8926
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8927
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8928
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8929
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8930
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8931
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8932
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8933
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8934
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8935
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8936
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8937
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8938
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8939
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
              }
            ],
            "repeated": 0,
            "id": 8940
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
              }
            ],
            "repeated": 0,
            "id": 8941
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
              }
            ],
            "repeated": 0,
            "id": 8942
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
              }
            ],
            "repeated": 0,
            "id": 8943
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
              }
            ],
            "repeated": 0,
            "id": 8944
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
              }
            ],
            "repeated": 0,
            "id": 8945
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
              }
            ],
            "repeated": 0,
            "id": 8946
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
              }
            ],
            "repeated": 0,
            "id": 8947
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
              }
            ],
            "repeated": 0,
            "id": 8948
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
              }
            ],
            "repeated": 0,
            "id": 8949
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
              }
            ],
            "repeated": 0,
            "id": 8950
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
              }
            ],
            "repeated": 0,
            "id": 8951
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
              }
            ],
            "repeated": 0,
            "id": 8952
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
              }
            ],
            "repeated": 0,
            "id": 8953
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
              }
            ],
            "repeated": 0,
            "id": 8954
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
              }
            ],
            "repeated": 0,
            "id": 8955
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
              }
            ],
            "repeated": 0,
            "id": 8956
          },
          {
            "timestamp": "2026-06-28 21:58:45,027",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
              }
            ],
            "repeated": 0,
            "id": 8957
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
              }
            ],
            "repeated": 0,
            "id": 8958
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
              }
            ],
            "repeated": 0,
            "id": 8959
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
              }
            ],
            "repeated": 0,
            "id": 8960
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
              }
            ],
            "repeated": 0,
            "id": 8961
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8962
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8963
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8964
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8965
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8966
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8967
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8968
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8969
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8970
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8971
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8972
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8973
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 8974
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
              }
            ],
            "repeated": 0,
            "id": 8975
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
              }
            ],
            "repeated": 0,
            "id": 8976
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
              }
            ],
            "repeated": 0,
            "id": 8977
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8a200",
            "parentcaller": "0x00c89555",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
              }
            ],
            "repeated": 0,
            "id": 8978
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8a281",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
              }
            ],
            "repeated": 0,
            "id": 8979
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8e1a7",
            "parentcaller": "0x00c8ef70",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e86000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8980
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8a281",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30b78",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf093c670"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 8981
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 8982
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e306f8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0f1e6d7"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 8983
          },
          {
            "timestamp": "2026-06-28 21:58:45,043",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\"
              }
            ],
            "repeated": 0,
            "id": 8984
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30d38",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1d51281"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 8985
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 8986
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\"
              }
            ],
            "repeated": 0,
            "id": 8987
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\"
              }
            ],
            "repeated": 0,
            "id": 8988
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30d38",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1c926df"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 8989
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 8990
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\"
              }
            ],
            "repeated": 0,
            "id": 8991
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\"
              }
            ],
            "repeated": 0,
            "id": 8992
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30d38",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1dea01b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 8993
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 8994
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\"
              }
            ],
            "repeated": 0,
            "id": 8995
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\"
              }
            ],
            "repeated": 0,
            "id": 8996
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30d38",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1cb88ba"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 8997
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 8998
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\"
              }
            ],
            "repeated": 0,
            "id": 8999
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\"
              }
            ],
            "repeated": 0,
            "id": 9000
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30d38",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0f1e6d7"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9001
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\"
              }
            ],
            "repeated": 0,
            "id": 9002
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e30078",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf10fd5f1"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9003
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9004
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\"
              }
            ],
            "repeated": 0,
            "id": 9005
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\"
              }
            ],
            "repeated": 0,
            "id": 9006
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1131394"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9007
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9008
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\"
              }
            ],
            "repeated": 0,
            "id": 9009
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\"
              }
            ],
            "repeated": 0,
            "id": 9010
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1048366"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9011
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9012
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\"
              }
            ],
            "repeated": 0,
            "id": 9013
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
              }
            ],
            "repeated": 0,
            "id": 9014
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0f1e6d7"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9015
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9016
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
              }
            ],
            "repeated": 0,
            "id": 9017
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\"
              }
            ],
            "repeated": 0,
            "id": 9018
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf11d1e79"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9019
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9020
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\"
              }
            ],
            "repeated": 0,
            "id": 9021
          },
          {
            "timestamp": "2026-06-28 21:58:45,058",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\"
              }
            ],
            "repeated": 0,
            "id": 9022
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0fea634"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9023
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9024
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\"
              }
            ],
            "repeated": 0,
            "id": 9025
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\"
              }
            ],
            "repeated": 0,
            "id": 9026
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf107da0c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9027
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9028
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\"
              }
            ],
            "repeated": 0,
            "id": 9029
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\"
              }
            ],
            "repeated": 0,
            "id": 9030
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e053b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf11abc76"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9031
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9032
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\"
              }
            ],
            "repeated": 0,
            "id": 9033
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\"
              }
            ],
            "repeated": 0,
            "id": 9034
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05230",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf117b8a4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9035
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9036
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\"
              }
            ],
            "repeated": 0,
            "id": 9037
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\"
              }
            ],
            "repeated": 0,
            "id": 9038
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e053b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0f4e243"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9039
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9040
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\"
              }
            ],
            "repeated": 0,
            "id": 9041
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\"
              }
            ],
            "repeated": 0,
            "id": 9042
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf121e345"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9043
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9044
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\"
              }
            ],
            "repeated": 0,
            "id": 9045
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\"
              }
            ],
            "repeated": 0,
            "id": 9046
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0fac2bb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9047
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9048
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\"
              }
            ],
            "repeated": 0,
            "id": 9049
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\"
              }
            ],
            "repeated": 0,
            "id": 9050
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf10bfcb7"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9051
          },
          {
            "timestamp": "2026-06-28 21:58:45,074",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9052
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\"
              }
            ],
            "repeated": 0,
            "id": 9053
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\"
              }
            ],
            "repeated": 0,
            "id": 9054
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1013d9f"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9055
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9056
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\"
              }
            ],
            "repeated": 0,
            "id": 9057
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9058
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\"
              }
            ],
            "repeated": 0,
            "id": 9059
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\"
              }
            ],
            "repeated": 0,
            "id": 9060
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1d2b08e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9061
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9062
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\"
              }
            ],
            "repeated": 0,
            "id": 9063
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\"
              }
            ],
            "repeated": 0,
            "id": 9064
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1d77455"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9065
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9066
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\"
              }
            ],
            "repeated": 0,
            "id": 9067
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\"
              }
            ],
            "repeated": 0,
            "id": 9068
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e055b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1d04de0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9069
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9070
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\"
              }
            ],
            "repeated": 0,
            "id": 9071
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\"
              }
            ],
            "repeated": 0,
            "id": 9072
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1e0fdc2"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9073
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9074
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\"
              }
            ],
            "repeated": 0,
            "id": 9075
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\"
              }
            ],
            "repeated": 0,
            "id": 9076
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1c6c3ec"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9077
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9078
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\"
              }
            ],
            "repeated": 0,
            "id": 9079
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\"
              }
            ],
            "repeated": 0,
            "id": 9080
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1e36076"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9081
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9082
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\"
              }
            ],
            "repeated": 0,
            "id": 9083
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\"
              }
            ],
            "repeated": 0,
            "id": 9084
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf17eb440"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9085
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\"
              }
            ],
            "repeated": 0,
            "id": 9086
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e051f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf192d43c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9087
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 9088
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05230",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf192d43c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9089
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 9090
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 9091
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9092
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\"
              }
            ],
            "repeated": 0,
            "id": 9093
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\"
              }
            ],
            "repeated": 0,
            "id": 9094
          },
          {
            "timestamp": "2026-06-28 21:58:45,090",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e051f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf17eb440"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9095
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 9096
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05370",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf17eb440"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9097
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 9098
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
              }
            ],
            "repeated": 0,
            "id": 9099
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9100
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\"
              }
            ],
            "repeated": 0,
            "id": 9101
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\"
              }
            ],
            "repeated": 0,
            "id": 9102
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05230",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1a8abc4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9103
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
              }
            ],
            "repeated": 0,
            "id": 9104
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e051f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1a8abc4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9105
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000254"
              }
            ],
            "repeated": 0,
            "id": 9106
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
              }
            ],
            "repeated": 0,
            "id": 9107
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 9108
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\"
              }
            ],
            "repeated": 0,
            "id": 9109
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9110
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\"
              }
            ],
            "repeated": 0,
            "id": 9111
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\"
              }
            ],
            "repeated": 0,
            "id": 9112
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1dc39f7"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9113
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9114
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\"
              }
            ],
            "repeated": 0,
            "id": 9115
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\"
              }
            ],
            "repeated": 0,
            "id": 9116
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e05170",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1d9d859"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9117
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9118
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\"
              }
            ],
            "repeated": 0,
            "id": 9119
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8eee0",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\"
              }
            ],
            "repeated": 0,
            "id": 9120
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8ef8e",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x04e051f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\*.*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1c461c0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 9121
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 9122
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\"
              }
            ],
            "repeated": 0,
            "id": 9123
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8f052",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 9124
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8f052",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
              }
            ],
            "repeated": 0,
            "id": 9125
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f114",
            "parentcaller": "0x00c8a281",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 9126
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8f12a",
            "parentcaller": "0x00c8a281",
            "category": "filesystem",
            "api": "RemoveDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
              }
            ],
            "repeated": 0,
            "id": 9127
          },
          {
            "timestamp": "2026-06-28 21:58:45,105",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c89577",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9128
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/29/2026, 6:58:38] "
              },
              {
                "name": "Length",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 9129
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "The entire Box execution exiting with result code: 0x0"
              },
              {
                "name": "Length",
                "value": "54"
              }
            ],
            "repeated": 0,
            "id": 9130
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 9131
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c8958a",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9132
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/29/2026, 6:58:38] "
              },
              {
                "name": "Length",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 9133
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "Launched extracted application exiting with result code: 0x0"
              },
              {
                "name": "Length",
                "value": "60"
              }
            ],
            "repeated": 0,
            "id": 9134
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 9135
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8e81c",
            "parentcaller": "0x00c8e870",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 9136
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8e82b",
            "parentcaller": "0x00c8e870",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9137
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8e83d",
            "parentcaller": "0x00c8e870",
            "category": "misc",
            "api": "SystemTimeToTzSpecificLocalTime",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 9138
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8db0c",
            "parentcaller": "0x00c895af",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9139
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8daeb",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "[6/29/2026, 6:58:38] "
              },
              {
                "name": "Length",
                "value": "21"
              }
            ],
            "repeated": 0,
            "id": 9140
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dd75",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "=== Logging stopped: 2026/06/29 06:58:38 ==="
              },
              {
                "name": "Length",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 9141
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c8dda2",
            "parentcaller": "0x00c8db59",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
              },
              {
                "name": "Buffer",
                "value": "\r\n"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 9142
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00c895ce",
            "parentcaller": "0x00c9e00a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 9143
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00ca9c04",
            "parentcaller": "0x00ca9c51",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetProcessTerminationMethod"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3a40"
              }
            ],
            "repeated": 0,
            "id": 9144
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00ca70c2",
            "parentcaller": "0x00ca705a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf3a40"
              }
            ],
            "repeated": 0,
            "id": 9145
          },
          {
            "timestamp": "2026-06-28 21:58:45,121",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9146
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 9147
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a4"
              }
            ],
            "repeated": 0,
            "id": 9148
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9149
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 9150
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 9151
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 9152
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 9153
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9154
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 9155
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9156
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9157
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 9158
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 9159
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 9160
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 9161
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 9162
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9163
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9164
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005fc"
              }
            ],
            "repeated": 0,
            "id": 9165
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 9166
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 9167
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 9168
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9169
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000063c"
              }
            ],
            "repeated": 0,
            "id": 9170
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9171
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9172
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 9173
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 9174
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09940000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9175
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000444"
              }
            ],
            "repeated": 0,
            "id": 9176
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 9177
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 9178
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 9179
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 9180
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtUpdateWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f746b0"
              }
            ],
            "repeated": 0,
            "id": 9181
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 9182
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 9183
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 9184
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000488"
              }
            ],
            "repeated": 0,
            "id": 9185
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 9186
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 9187
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 9188
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 9189
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 9190
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 9191
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 9192
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 9193
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9194
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 9195
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000474"
              }
            ],
            "repeated": 0,
            "id": 9196
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9197
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9198
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9199
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9200
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 0,
            "id": 9201
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 9202
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              }
            ],
            "repeated": 0,
            "id": 9203
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9204
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9205
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000308"
              }
            ],
            "repeated": 0,
            "id": 9206
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 9207
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9208
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9209
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 9210
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 9211
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9212
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9213
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9214
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9215
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d4"
              }
            ],
            "repeated": 0,
            "id": 9216
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 9217
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              }
            ],
            "repeated": 0,
            "id": 9218
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e8"
              }
            ],
            "repeated": 0,
            "id": 9219
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 9220
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 9221
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 9222
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 9223
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a0"
              }
            ],
            "repeated": 0,
            "id": 9224
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002d0"
              }
            ],
            "repeated": 0,
            "id": 9225
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              }
            ],
            "repeated": 0,
            "id": 9226
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 9227
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b0"
              }
            ],
            "repeated": 0,
            "id": 9228
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000294"
              }
            ],
            "repeated": 0,
            "id": 9229
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 9230
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9231
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9232
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 9233
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000628"
              }
            ],
            "repeated": 0,
            "id": 9234
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000062c"
              }
            ],
            "repeated": 0,
            "id": 9235
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 9236
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 9237
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 9238
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9239
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9240
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 9241
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 9242
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 9243
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 9244
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000610"
              }
            ],
            "repeated": 0,
            "id": 9245
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000614"
              }
            ],
            "repeated": 0,
            "id": 9246
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 0,
            "id": 9247
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 9248
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 9249
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 9250
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 9251
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 9252
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 9253
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 9254
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 9255
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 9256
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000318"
              }
            ],
            "repeated": 0,
            "id": 9257
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9258
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000324"
              }
            ],
            "repeated": 0,
            "id": 9259
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9260
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 9261
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06b30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 9262
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 9263
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9264
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9265
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 9266
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 9267
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 9268
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 9269
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d0"
              }
            ],
            "repeated": 0,
            "id": 9270
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d4"
              }
            ],
            "repeated": 0,
            "id": 9271
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001cc"
              }
            ],
            "repeated": 0,
            "id": 9272
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b4"
              }
            ],
            "repeated": 0,
            "id": 9273
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 9274
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001bc"
              }
            ],
            "repeated": 0,
            "id": 9275
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c0"
              }
            ],
            "repeated": 0,
            "id": 9276
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c4"
              }
            ],
            "repeated": 0,
            "id": 9277
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c8"
              }
            ],
            "repeated": 0,
            "id": 9278
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755b2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9279
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755b2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9280
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ac"
              }
            ],
            "repeated": 0,
            "id": 9281
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b0"
              }
            ],
            "repeated": 0,
            "id": 9282
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a8"
              }
            ],
            "repeated": 0,
            "id": 9283
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9284
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9285
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000188"
              }
            ],
            "repeated": 0,
            "id": 9286
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000190"
              }
            ],
            "repeated": 0,
            "id": 9287
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000194"
              }
            ],
            "repeated": 0,
            "id": 9288
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000198"
              }
            ],
            "repeated": 0,
            "id": 9289
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000019c"
              }
            ],
            "repeated": 0,
            "id": 9290
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a4"
              }
            ],
            "repeated": 0,
            "id": 9291
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a0"
              }
            ],
            "repeated": 0,
            "id": 9292
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000168"
              }
            ],
            "repeated": 0,
            "id": 9293
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000016c"
              }
            ],
            "repeated": 0,
            "id": 9294
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000164"
              }
            ],
            "repeated": 0,
            "id": 9295
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 9296
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 9297
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000160"
              }
            ],
            "repeated": 0,
            "id": 9298
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000158"
              }
            ],
            "repeated": 0,
            "id": 9299
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000015c"
              }
            ],
            "repeated": 0,
            "id": 9300
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000154"
              }
            ],
            "repeated": 0,
            "id": 9301
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000150"
              }
            ],
            "repeated": 0,
            "id": 9302
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 9303
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000035a"
              }
            ],
            "repeated": 0,
            "id": 9304
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c4"
              }
            ],
            "repeated": 0,
            "id": 9305
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 9306
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005b4"
              }
            ],
            "repeated": 0,
            "id": 9307
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000138"
              }
            ],
            "repeated": 0,
            "id": 9308
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000120"
              }
            ],
            "repeated": 0,
            "id": 9309
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000124"
              }
            ],
            "repeated": 0,
            "id": 9310
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000128"
              }
            ],
            "repeated": 0,
            "id": 9311
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000012c"
              }
            ],
            "repeated": 0,
            "id": 9312
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000130"
              }
            ],
            "repeated": 0,
            "id": 9313
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000134"
              }
            ],
            "repeated": 0,
            "id": 9314
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000140"
              }
            ],
            "repeated": 0,
            "id": 9315
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000013c"
              }
            ],
            "repeated": 0,
            "id": 9316
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 9317
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 9318
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000011c"
              }
            ],
            "repeated": 0,
            "id": 9319
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 9320
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000118"
              }
            ],
            "repeated": 0,
            "id": 9321
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000100"
              }
            ],
            "repeated": 0,
            "id": 9322
          },
          {
            "timestamp": "2026-06-28 21:58:45,168",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000104"
              }
            ],
            "repeated": 0,
            "id": 9323
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d0"
              }
            ],
            "repeated": 0,
            "id": 9324
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d4"
              }
            ],
            "repeated": 0,
            "id": 9325
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d8"
              }
            ],
            "repeated": 0,
            "id": 9326
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 9327
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 9328
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 9329
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 9330
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d30000"
              },
              {
                "name": "RegionSize",
                "value": "0x01260000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9331
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 9332
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 9333
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9334
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ea1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9335
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e74000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9336
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9337
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9338
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000cc"
              }
            ],
            "repeated": 0,
            "id": 9339
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000c8"
              }
            ],
            "repeated": 0,
            "id": 9340
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000c4"
              }
            ],
            "repeated": 0,
            "id": 9341
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 9342
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 9343
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 9344
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000c0"
              }
            ],
            "repeated": 0,
            "id": 9345
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000088"
              }
            ],
            "repeated": 0,
            "id": 9346
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000008c"
              }
            ],
            "repeated": 0,
            "id": 9347
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000094"
              }
            ],
            "repeated": 0,
            "id": 9348
          },
          {
            "timestamp": "2026-06-28 21:58:45,183",
            "thread_id": "3636",
            "caller": "0x00ca7064",
            "parentcaller": "0x00ca702e",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9349
          }
        ],
        "threads": [
          "3636",
          "4704",
          "4708",
          "4228",
          "2064",
          "5088",
          "4660",
          "4948",
          "2108",
          "3348",
          "2856",
          "2736",
          "4500",
          "2368",
          "508",
          "3628"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x00c80000",
          "MainExeSize": "0x0006e000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 756,
        "process_name": "svchost.exe",
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-06-28 21:56:17,656",
        "calls": [
          {
            "timestamp": "2026-06-28 21:56:18,781",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-28 21:56:25,906",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000c50"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-28 21:56:25,906",
            "thread_id": "844",
            "caller": "0x7ff9a8494796",
            "parentcaller": "0x7ff9a849466e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22e53d90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x36abefd0c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00067000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-28 21:56:25,921",
            "thread_id": "844",
            "caller": "0x7ff9a8438e73",
            "parentcaller": "0x7ff9a84363c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000864"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000d4c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423587968"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-28 21:56:28,781",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000efc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-28 21:56:29,953",
            "thread_id": "3624",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000d60"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-28 21:56:29,953",
            "thread_id": "3624",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d60"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d60"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-28 21:56:29,953",
            "thread_id": "848",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000d60"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-28 21:56:30,890",
            "thread_id": "848",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000c50"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000d60"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000c50"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-28 21:56:30,890",
            "thread_id": "3624",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000006ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000d60"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006ac"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-28 21:56:30,890",
            "thread_id": "1176",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000033c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000d60"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000033c"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-28 21:56:31,453",
            "thread_id": "844",
            "caller": "0x7ff9a84363c3",
            "parentcaller": "0x7ff9aa3edb20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000010",
                "pretty_value": "CREATE_NEW_CONSOLE"
              },
              {
                "name": "ProcessId",
                "value": "3712"
              },
              {
                "name": "ThreadId",
                "value": "4420"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000864"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000d4c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-28 21:56:31,640",
            "thread_id": "3624",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a7170000"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-28 21:56:31,953",
            "thread_id": "3624",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000001b4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000f04"
              },
              {
                "name": "TargetHandle",
                "value": "0x000001b4"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-28 21:56:31,953",
            "thread_id": "844",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d90"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000f04"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d90"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-28 21:56:31,953",
            "thread_id": "1176",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000e28"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000f04"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000e28"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-28 21:56:38,796",
            "thread_id": "1176",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ee4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-28 21:56:48,781",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-28 21:56:58,796",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-28 21:57:08,796",
            "thread_id": "1176",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000071c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-28 21:57:14,328",
            "thread_id": "1176",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000d90"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000e28"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000d90"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-28 21:57:18,781",
            "thread_id": "1176",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000efc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-06-28 21:57:28,781",
            "thread_id": "1176",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-28 21:57:38,796",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ee0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-28 21:57:48,796",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000eec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 24
          },
          {
            "timestamp": "2026-06-28 21:58:08,796",
            "thread_id": "848",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000d00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-28 21:58:09,124",
            "thread_id": "844",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a7170000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-28 21:58:18,796",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000d00"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-28 21:58:28,812",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000a74"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-28 21:58:31,062",
            "thread_id": "844",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a7170000"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-28 21:58:38,859",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000af0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-28 21:58:39,890",
            "thread_id": "848",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a7170000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-28 21:58:48,781",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ca8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-28 21:58:51,624",
            "thread_id": "844",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a7170000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-28 21:58:58,796",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000d9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-28 21:58:58,796",
            "thread_id": "3624",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a5f6c100",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000864"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0x00000d9c"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000864"
              },
              {
                "name": "Options",
                "value": "0x00000003"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-28 21:59:08,796",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-28 21:59:18,796",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-28 21:59:28,781",
            "thread_id": "844",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000d9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          }
        ],
        "threads": [
          "844",
          "3624",
          "848",
          "1176"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff69d480000",
          "MainExeSize": "0x00011000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 3712,
        "process_name": "WmiPrvSE.exe",
        "parent_id": 756,
        "module_path": "C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe",
        "first_seen": "2026-06-29 13:56:25,017",
        "calls": [
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88c03",
            "parentcaller": "0x00a8f1d0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88c03",
            "parentcaller": "0x00a8f1d0",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88c03",
            "parentcaller": "0x00a8f1d0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000026c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x050a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02d2f85c"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a874eb",
            "parentcaller": "0x00a8739e",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\USER32.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 1,
            "id": 3
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a8739e",
            "parentcaller": "0x00a8f1d0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\USER32.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a8739e",
            "parentcaller": "0x00a8f1d0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x039b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02d2ee08"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000228"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x74cf0000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000228"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x769d0000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000270"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-29 13:56:25,173",
            "thread_id": "4420",
            "caller": "0x00a88977",
            "parentcaller": "0x00a87559",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03122000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-29 13:56:25,189",
            "thread_id": "5188",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03126000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-29 13:56:25,189",
            "thread_id": "5180",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03127000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88af4",
            "parentcaller": "0x00a87559",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03128000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88af4",
            "parentcaller": "0x00a87559",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03129000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88b4a",
            "parentcaller": "0x00a87559",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x76a30000"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88b4a",
            "parentcaller": "0x00a87559",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a888fa",
            "parentcaller": "0x00a87568",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e10000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02d2fc08"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88852",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03863000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88852",
            "parentcaller": "0x00a873b2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 9,
            "id": 21
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88852",
            "parentcaller": "0x00a873b2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x70515960"
              },
              {
                "name": "Parameter",
                "value": "0x0312cc58"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5232"
              },
              {
                "name": "ProcessId",
                "value": "3712"
              },
              {
                "name": "Module",
                "value": "NCObjAPI.DLL"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0386b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0386c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05420000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05420000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05422000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0312e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05423000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05426000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0312f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03131000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0542b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-29 13:56:25,204",
            "thread_id": "4420",
            "caller": "0x00a88885",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03134000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-29 13:56:27,564",
            "thread_id": "4420",
            "caller": "0x00a875a1",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemprox"
              },
              {
                "name": "DllBase",
                "value": "0x721b0000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-29 13:56:27,564",
            "thread_id": "4420",
            "caller": "0x00a875a1",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemprox.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x721b0000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-29 13:56:27,564",
            "thread_id": "4420",
            "caller": "0x00a875a1",
            "parentcaller": "0x00a873b2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-29 13:56:27,564",
            "thread_id": "5364",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03140000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-29 13:56:27,564",
            "thread_id": "5364",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000304"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-06-29 13:56:27,564",
            "thread_id": "5364",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03141000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemsvc"
              },
              {
                "name": "DllBase",
                "value": "0x72120000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemsvc.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72120000"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8BC3F05E-D86B-11D0-A075-00C04FB68820"
              },
              {
                "name": "ClsContext",
                "value": "0x00000014",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\fastprox.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72050000"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-29 13:56:27,579",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-06-29 13:56:27,595",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03147000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-29 13:56:27,595",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\amsi"
              },
              {
                "name": "DllBase",
                "value": "0x72030000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "amsi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72030000"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03149000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "4420",
            "caller": "0x00a875e9",
            "parentcaller": "0x00a873b2",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "4420",
            "caller": "0x00a8a081",
            "parentcaller": "0x00a87663",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 55
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "4420",
            "caller": "0x00a87b53",
            "parentcaller": "0x00a87af4",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000330"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x00a866d0"
              },
              {
                "name": "Parameter",
                "value": "0x03104520"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "5396"
              },
              {
                "name": "ProcessId",
                "value": "3712"
              },
              {
                "name": "Module",
                "value": "wmiprvse.exe"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5368",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000034c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5364",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0314c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5364",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5364",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0314f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5400",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000364"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5400",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5368",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03152000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-29 13:56:27,610",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x720760f3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 65
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5368",
            "caller": "0x00a7cdfb",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wmiutils"
              },
              {
                "name": "DllBase",
                "value": "0x70f10000"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5368",
            "caller": "0x00a7cdfb",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wmiutils.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70f10000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5368",
            "caller": "0x00a7cdfb",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5368",
            "caller": "0x75b9fd84",
            "parentcaller": "0x758525c3",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000370"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5404",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000378"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5404",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5404",
            "caller": "0x00a7df1e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000380"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-06-29 13:56:27,626",
            "thread_id": "5404",
            "caller": "0x00a7df1e",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-06-29 13:56:27,642",
            "thread_id": "5404",
            "caller": "0x00a7da1a",
            "parentcaller": "0x00a7df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02c81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-06-29 13:56:27,642",
            "thread_id": "5404",
            "caller": "0x00a7da1a",
            "parentcaller": "0x00a7df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03154000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-06-29 13:56:27,642",
            "thread_id": "5404",
            "caller": "0x00a7da1a",
            "parentcaller": "0x00a7df85",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-06-29 13:56:27,642",
            "thread_id": "5404",
            "caller": "0x00a7da72",
            "parentcaller": "0x00a7df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03156000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-06-29 13:56:27,642",
            "thread_id": "5404",
            "caller": "0x00a7da72",
            "parentcaller": "0x00a7df85",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03157000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-06-29 13:56:27,657",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x73340000"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-06-29 13:56:27,657",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x73970000"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-06-29 13:56:27,657",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\esscli"
              },
              {
                "name": "DllBase",
                "value": "0x6f800000"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\stdprov"
              },
              {
                "name": "DllBase",
                "value": "0x6f860000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "API-MS-Win-Security-Base-L1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\stdprov.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f860000"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x00a807d9",
            "parentcaller": "0x00a80afd",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "FE9AF5C0-D3B6-11CE-A5B6-00AA00680C3F"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x00a81195",
            "parentcaller": "0x00a80b8b",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x00a854ad",
            "parentcaller": "0x00a82d72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0315a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x720761d4",
            "parentcaller": "0x72076422",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-06-29 13:56:27,673",
            "thread_id": "5404",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0315d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-06-29 13:56:27,689",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-06-29 13:56:27,689",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-06-29 13:56:27,689",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-06-29 13:56:27,689",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-06-29 13:56:27,689",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0315f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-06-29 13:56:27,704",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-06-29 13:56:27,704",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-06-29 13:56:27,704",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-06-29 13:56:27,704",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-06-29 13:56:27,704",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03168000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-06-29 13:56:27,720",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03163000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-06-29 13:56:27,735",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-06-29 13:56:27,735",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-06-29 13:56:27,735",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-06-29 13:56:27,735",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-06-29 13:56:27,735",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03163000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-06-29 13:56:27,735",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03163000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-06-29 13:56:27,751",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03163000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 123
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03162000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-06-29 13:56:27,767",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-06-29 13:56:27,782",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-06-29 13:56:27,798",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-06-29 13:56:27,798",
            "thread_id": "5368",
            "caller": "0x758449c7",
            "parentcaller": "0x7584d2e3",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-06-29 13:56:27,798",
            "thread_id": "5368",
            "caller": "0x720762b6",
            "parentcaller": "0x7584df44",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-06-29 13:56:27,798",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03162000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-06-29 13:56:27,798",
            "thread_id": "5368",
            "caller": "0x00a8dde0",
            "parentcaller": "0x00a8eb2f",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-06-29 13:57:30,923",
            "thread_id": "5360",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86c4e",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\stdprov"
              },
              {
                "name": "DllBase",
                "value": "0x6f860000"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x73340000"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x73970000"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73970000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\esscli"
              },
              {
                "name": "DllBase",
                "value": "0x6f800000"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemsvc"
              },
              {
                "name": "DllBase",
                "value": "0x72120000"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemprox"
              },
              {
                "name": "DllBase",
                "value": "0x721b0000"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wmiutils"
              },
              {
                "name": "DllBase",
                "value": "0x70f10000"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "5396",
            "caller": "0x00a86a82",
            "parentcaller": "0x00a86705",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70f10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "4420",
            "caller": "0x00a878ac",
            "parentcaller": "0x00a873b2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000330"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "4420",
            "caller": "0x00a8790d",
            "parentcaller": "0x00a873b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x03162000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-06-29 13:57:49,267",
            "thread_id": "4420",
            "caller": "0x00a8f1e5",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-06-29 13:57:49,282",
            "thread_id": "4420",
            "caller": "0x00a8f1e5",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0312f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-06-29 13:57:49,282",
            "thread_id": "4420",
            "caller": "0x00a8f1e5",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 166
          }
        ],
        "threads": [
          "4420",
          "5188",
          "5180",
          "5364",
          "5368",
          "5400",
          "5404",
          "5360",
          "5396"
        ],
        "environ": {
          "UserName": "LOCAL SERVICE",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x00a70000",
          "MainExeSize": "0x0006a000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 4160,
        "process_name": "svchost.exe",
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-06-29 13:56:25,389",
        "calls": [
          {
            "timestamp": "2026-06-29 13:56:27,561",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-29 13:56:27,576",
            "thread_id": "4940",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a19f359f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff98bab0000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-29 13:56:27,576",
            "thread_id": "4940",
            "caller": "0x7ff9a19f35f7",
            "parentcaller": "0x7ff9a96ca55e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-29 13:56:27,576",
            "thread_id": "1920",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-29 13:56:27,592",
            "thread_id": "1920",
            "caller": "0x7ff9986b3a1a",
            "parentcaller": "0x7ff98bac9bfb",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-29 13:56:27,592",
            "thread_id": "1920",
            "caller": "0x7ff9a0f4387e",
            "parentcaller": "0x7ff98bac9cb7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-29 13:56:27,592",
            "thread_id": "1920",
            "caller": "0x7ff99dc3a740",
            "parentcaller": "0x7ff99dc3a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-29 13:56:27,607",
            "thread_id": "1904",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-29 13:56:27,607",
            "thread_id": "1904",
            "caller": "0x7ff9986b4e9b",
            "parentcaller": "0x7ff9986b6a2f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 8
          },
          {
            "timestamp": "2026-06-29 13:56:27,607",
            "thread_id": "1904",
            "caller": "0x7ff98bac778d",
            "parentcaller": "0x7ff9986acae0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CD1ABFC8-6C5E-4A8D-B90B-2A3B153B886D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 9
          },
          {
            "timestamp": "2026-06-29 13:56:27,607",
            "thread_id": "1904",
            "caller": "0x7ff99dc3a740",
            "parentcaller": "0x7ff99dc3a3e5",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 10
          },
          {
            "timestamp": "2026-06-29 13:56:27,623",
            "thread_id": "1904",
            "caller": "0x7ff9986b4e9b",
            "parentcaller": "0x7ff9986b6a2f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 11
          },
          {
            "timestamp": "2026-06-29 13:56:27,623",
            "thread_id": "1920",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 12
          },
          {
            "timestamp": "2026-06-29 13:56:27,623",
            "thread_id": "1104",
            "caller": "0x7ff99e312508",
            "parentcaller": "0x7ff99e314a51",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 7,
            "id": 13
          },
          {
            "timestamp": "2026-06-29 13:56:27,639",
            "thread_id": "1920",
            "caller": "0x7ff99dc3a740",
            "parentcaller": "0x7ff99dc1d725",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-29 13:56:27,639",
            "thread_id": "4348",
            "caller": "0x7ff98bac8eb0",
            "parentcaller": "0x7ff9a9c68e33",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CC9072AB-C000-49D8-A5AA-00266C8DBB9B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "368732C2-80D8-403E-854B-1B2BAFB9842C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-29 13:56:27,670",
            "thread_id": "1904",
            "caller": "0x7ff9986b4e9b",
            "parentcaller": "0x7ff9986b6a2f",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-29 13:56:27,670",
            "thread_id": "1904",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-29 13:56:27,686",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-29 13:56:27,686",
            "thread_id": "1904",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 19
          },
          {
            "timestamp": "2026-06-29 13:56:27,686",
            "thread_id": "4348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-29 13:56:27,701",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 21
          },
          {
            "timestamp": "2026-06-29 13:56:27,701",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-29 13:56:27,701",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-29 13:56:27,701",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-29 13:56:27,701",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 25
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 29
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-29 13:56:27,717",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 33
          },
          {
            "timestamp": "2026-06-29 13:56:27,732",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-29 13:56:27,732",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-29 13:56:27,732",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-29 13:56:27,732",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 37
          },
          {
            "timestamp": "2026-06-29 13:56:27,732",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-29 13:56:27,732",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-29 13:56:27,748",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-29 13:56:27,748",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 41
          },
          {
            "timestamp": "2026-06-29 13:56:27,748",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-29 13:56:27,748",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-29 13:56:27,748",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-29 13:56:27,748",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 45
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 49
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-29 13:56:27,764",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 53
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "1348",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 57
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-29 13:56:27,779",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 2,
            "id": 61
          },
          {
            "timestamp": "2026-06-29 13:56:27,795",
            "thread_id": "1904",
            "caller": "0x7ff9986b2823",
            "parentcaller": "0x7ff9986f9da8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1108BE51-F58A-4CDA-BB99-7A0227D11D5E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-06-29 13:56:27,795",
            "thread_id": "1904",
            "caller": "0x7ff99dc3aaaf",
            "parentcaller": "0x7ff99dc3a9c8",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-29 13:56:27,795",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-29 13:56:27,795",
            "thread_id": "4940",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-06-29 13:57:03,514",
            "thread_id": "4456",
            "caller": "0x7ff69d484140",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4FA18276-912A-11D1-AD9B-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-29 13:57:03,529",
            "thread_id": "4456",
            "caller": "0x7ff69d484140",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-29 13:57:03,529",
            "thread_id": "4456",
            "caller": "0x7ff69d484140",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "44ACA674-E8FC-11D0-A07C-00C04FB68820"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-29 13:57:06,842",
            "thread_id": "4692",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-29 13:57:19,232",
            "thread_id": "1348",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a96d879f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000040c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-29 13:57:49,264",
            "thread_id": "4456",
            "caller": "0x7ff69d484140",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ES"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a3040000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-29 13:57:49,264",
            "thread_id": "4456",
            "caller": "0x7ff69d484140",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a3040000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 72
          }
        ],
        "threads": [
          "4940",
          "1920",
          "1904",
          "1104",
          "4348",
          "1348",
          "4456",
          "4692"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff69d480000",
          "MainExeSize": "0x00011000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "vs_Community_1_.exe",
        "pid": 3412,
        "parent_id": 2892,
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe",
        "children": [],
        "threads": [
          "3636",
          "4704",
          "4708",
          "4228",
          "2064",
          "5088",
          "4660",
          "4948",
          "2108",
          "3348",
          "2856",
          "2736",
          "4500",
          "2368",
          "508",
          "3628"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x00c80000",
          "MainExeSize": "0x0006e000",
          "Bitness": "32-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 756,
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [
          {
            "name": "WmiPrvSE.exe",
            "pid": 3712,
            "parent_id": 756,
            "module_path": "C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe",
            "children": [],
            "threads": [
              "4420",
              "5188",
              "5180",
              "5364",
              "5368",
              "5400",
              "5404",
              "5360",
              "5396"
            ],
            "environ": {
              "UserName": "LOCAL SERVICE",
              "ComputerName": "DESKTOP-P54VDBR",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Windows\\TEMP\\",
              "CommandLine": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "1c64-b66f",
              "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
              "MachineGUID": "",
              "MainExeBase": "0x00a70000",
              "MainExeSize": "0x0006a000",
              "Bitness": "32-bit"
            }
          }
        ],
        "threads": [
          "844",
          "3624",
          "848",
          "1176"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff69d480000",
          "MainExeSize": "0x00011000",
          "Bitness": "64-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 4160,
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [],
        "threads": [
          "4940",
          "1920",
          "1904",
          "1104",
          "4348",
          "1348",
          "4456",
          "4692"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff69d480000",
          "MainExeSize": "0x00011000",
          "Bitness": "64-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Windows\\WindowsShell.Manifest",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt",
        "C:\\Windows\\System32\\tzres.dll",
        "C:\\Windows\\System32\\en-US\\tzres.dll.mui",
        "C:\\Windows\\sysnative\\en-US\\tzres.dll.mui",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe",
        "C:\\Windows\\System32\\cryptsp.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\",
        "C:\\Windows\\System32\\kernel.appcore.dll",
        "C:\\Windows\\System32\\textinputframework.dll",
        "C:\\Windows\\System32\\CoreUIComponents.dll",
        "C:\\Windows\\System32\\CoreMessaging.dll",
        "C:\\Windows\\System32\\ntmarta.dll",
        "C:\\Windows\\System32\\WinTypes.dll",
        "C:\\Windows\\SystemResources\\USER32.dll.mun",
        "C:\\Windows\\Fonts\\staticcache.dat",
        "C:\\Windows\\System32\\TextShaping.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json",
        "C:\\Windows\\System32\\propsys.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe .*",
        "C:\\",
        "C:\\Users",
        "\\Device\\DeviceApi\\CMApi",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches",
        "\\??\\MountPointManager",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db",
        "C:\\Users\\desktop.ini",
        "C:\\Users\\Rajesh",
        "C:\\Users\\Rajesh\\AppData",
        "C:\\Users\\Rajesh\\AppData\\Local",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a",
        "C:\\Windows\\SysWOW64\\propsys.dll",
        "C:\\Windows\\sysnative\\propsys.dll",
        "C:\\Windows\\System32\\en-US\\PROPSYS.dll.mui",
        "C:\\Windows\\sysnative\\en-US\\PROPSYS.dll.mui",
        "C:\\Users\\Rajesh\\Desktop\\desktop.ini",
        "C:\\Windows\\System32\\profapi.dll",
        "C:\\Users\\Rajesh\\Documents\\desktop.ini",
        "C:\\Users\\Rajesh\\Music\\desktop.ini",
        "C:\\Users\\Rajesh\\Pictures\\desktop.ini",
        "C:\\Users\\Rajesh\\Videos\\desktop.ini",
        "C:\\Users\\Rajesh\\Downloads\\desktop.ini",
        "C:\\Users\\Rajesh\\Searches\\desktop.ini",
        "C:\\Users\\Rajesh\\Contacts\\desktop.ini",
        "C:\\Users\\Rajesh\\Favorites\\desktop.ini",
        "C:\\Users\\Rajesh\\Links\\desktop.ini",
        "C:\\Users\\Rajesh\\Saved Games\\desktop.ini",
        "C:\\Windows\\System32\\edputil.dll",
        "C:\\Windows\\System32\\urlmon.dll",
        "C:\\Windows\\System32\\srvcli.dll",
        "C:\\Windows\\System32\\netutils.dll",
        "C:\\Windows\\system32",
        "C:\\Windows",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe:Zone.Identifier",
        "C:\\Windows\\System32\\mpr.dll",
        "C:\\Windows\\System32\\pcacli.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\*.*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\*.*",
        "\\??\\PhysicalDrive0",
        "C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "C:\\Windows\\System32\\en-US\\USER32.dll.mui",
        "\\Device\\CNG",
        "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
      ],
      "read_files": [],
      "write_files": [
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json",
        "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
      ],
      "delete_files": [
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
      ],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\release",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\vs_Community_1_.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MS Shell Dlg 2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\vs_Community_1_.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\Software\\Classes",
        "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\Desktop\\NameSpace",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\Desktop\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{26EE0668-A00A-44D7-9371-BEB064C98683}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{04731B67-D933-450A-90E6-4ACD2E9408FE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{11016101-E366-4D22-BC06-4ADA335C892B}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{64693913-1C21-4F30-A98F-4E52906D3B56}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{64693913-1C21-4F30-A98F-4E52906D3B56}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{89D83576-6BD1-4C86-9454-BEB04E94C819}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{9343812E-1C37-4A49-A12E-4B2D810D956B}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{A00EE528-EBD9-48B8-944A-8942113D46AC}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{A00EE528-EBD9-48B8-944A-8942113D46AC}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E345F35F-9397-435C-8F95-4E922C26259E}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{EDC978D6-4D53-4B2F-A265-5805674BE568}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{EDC978D6-4D53-4B2F-A265-5805674BE568}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORDISPLAY",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideFolderVerbs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\UseDropHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORPARSING",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsParseDisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForOverlay",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\MapNetDriveVerbs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForInfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideOnDesktopPerUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsAliasedNotifications",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsUniversalDelegate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoFileFolderJunction",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\PinToNameSpaceTree",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HasNavigationEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\EnableThumbnails",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoDefaultToFS",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\ParseDisplayNameNeedsURL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\BlockNewFile",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoInitRequired",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\SafeRootForMTA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsSendToTarget",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoLocalizedNameInTarget",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\CLSID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonRemovableDrives",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableStorageRegPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableDrivesRegPath",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\NoDelegateSearchRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonStorageServiceMountedDrives",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ForceAllDrivesRemovable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ShowAllOpticalDevices",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\RemovableDrives\\DelegateFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\MyComputer\\RemovableDrives",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\MyComputer\\RemovableDrives\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\FolderExtensions",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions",
        "HKEY_CURRENT_USER\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\Directory\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
        "HKEY_CURRENT_USER\\Software\\Classes\\Folder\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
        "HKEY_CURRENT_USER\\Software\\Classes\\AllFilesystemObjects\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe",
        "HKEY_CURRENT_USER\\Software\\Classes\\.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\CurVer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe",
        "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
        "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
        "HKEY_CURRENT_USER\\Software\\Classes\\SystemFileAssociations\\.exe\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4BD9-94B0-29233477B6C3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4AF4-A7EB-4E7A138D8174}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4C59-B6A2-414586476AEA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4E48-96A1-3F6217F21990}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464B-ABE8-61C8648D939B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCB5256F-79F6-4CEE-B725-DC34E402FD46}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7BEDE81-DF94-4682-A7D8-57A52620B86F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4EAB-965A-69829D1FB59F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1E87508D-89C2-42F0-8A7E-645A0F50CA58}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A305CE99-F527-492B-8B1A-7E76FA98D6E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4E80-94BC-9912D7504104}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DF7266AC-9274-4867-8D55-3BD661DE872D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337D1-B8CA-4121-A639-6D472D16972A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PropertyBag",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\vs_Community_1_.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\vs_Community_1_.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Application",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Security",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
        "HKEY_LOCAL_MACHINE\\System\\Setup",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\command",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\DropTarget",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\runas\\DropTarget",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
        "HKEY_CURRENT_USER\\Software\\Classes\\exefile\\Progid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Progid",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\ProgIDs\\exefile",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\vs_setup_bootstrapper.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\vs_setup_bootstrapper.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.PropertyValue\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\Instance",
        "HKEY_CURRENT_USER\\",
        "HKEY_CURRENT_USER\\Control Panel\\International\\User Profile",
        "HKEY_CURRENT_USER\\Control Panel\\International\\Geo",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\CustomAttributes",
        "HKEY_CURRENT_USER\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Applications\\vs_setup_bootstrapper.exe",
        "HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\control\\NetworkProvider\\HwOrder",
        "HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\control\\NetworkProvider\\ProviderOrder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\AppCompat",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppCompat",
        "HKEY_CURRENT_USER\\Software\\Classes\\Applications\\%1.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Applications\\%1.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\release",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{26EE0668-A00A-44D7-9371-BEB064C98683}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{04731B67-D933-450A-90E6-4ACD2E9408FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{11016101-E366-4D22-BC06-4ADA335C892B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{64693913-1C21-4F30-A98F-4E52906D3B56}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{89D83576-6BD1-4C86-9454-BEB04E94C819}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{9343812E-1C37-4A49-A12E-4B2D810D956B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{A00EE528-EBD9-48B8-944A-8942113D46AC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E345F35F-9397-435C-8F95-4E922C26259E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{EDC978D6-4D53-4B2F-A265-5805674BE568}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORDISPLAY",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideFolderVerbs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\UseDropHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORPARSING",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsParseDisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForOverlay",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\MapNetDriveVerbs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForInfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideOnDesktopPerUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsAliasedNotifications",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsUniversalDelegate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoFileFolderJunction",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\PinToNameSpaceTree",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HasNavigationEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\EnableThumbnails",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoDefaultToFS",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\ParseDisplayNameNeedsURL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\BlockNewFile",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoInitRequired",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\SafeRootForMTA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsSendToTarget",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoLocalizedNameInTarget",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonRemovableDrives",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableStorageRegPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableDrivesRegPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\NoDelegateSearchRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonStorageServiceMountedDrives",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ForceAllDrivesRemovable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ShowAllOpticalDevices",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes"
      ],
      "write_keys": [
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
      ],
      "delete_keys": [],
      "executed_commands": [
        "vs_bootstrapper_d15\\vs_setup_bootstrapper.exe --env \"_SFX_CAB_EXE_PACKAGE:C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\\Users\\Rajesh\\AppData\\Local\\Temp\"",
        "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding"
      ],
      "resolved_apis": [],
      "mutexes": [
        "Local\\SM0:3412:168:WilStaging_02",
        "Local\\MSCTF.Asm.MutexDefault2",
        "CicLoadWinStaWinSta0",
        "Local\\MSCTF.CtfMonitorInstMutexDefault2",
        "Local\\SM0:3412:64:WilError_03",
        "Local\\ZonesCacheCounterMutex",
        "Local\\ZonesLockedCacheCounterMutex"
      ],
      "created_services": [],
      "started_services": []
    },
    "enhanced": [
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,511",
        "eid": 1,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,543",
        "eid": 2,
        "data": {
          "file": "LPK",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,543",
        "eid": 3,
        "data": {
          "file": "GDI32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 4,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 5,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 6,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 7,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 8,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 9,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 10,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 11,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 12,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 13,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 14,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": "0x75130000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 15,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 16,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 17,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,558",
        "eid": 18,
        "data": {
          "file": "C:\\Windows\\System32\\cabinet.dll",
          "pathtofile": null,
          "moduleaddress": "0x74160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 19,
        "data": {
          "file": "imm32.dll",
          "pathtofile": null,
          "moduleaddress": "0x760b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 20,
        "data": {
          "file": "C:\\Windows\\System32\\comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x740d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 21,
        "data": {
          "file": "C:\\Windows\\System32\\version.dll",
          "pathtofile": null,
          "moduleaddress": "0x740c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 22,
        "data": {
          "file": "C:\\Windows\\System32\\advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 23,
        "data": {
          "file": "C:\\Windows\\System32\\rpcrt4.dll",
          "pathtofile": null,
          "moduleaddress": "0x75390000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 24,
        "data": {
          "file": "C:\\Windows\\System32\\shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76320000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 25,
        "data": {
          "file": "C:\\Windows\\System32\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x754f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 26,
        "data": {
          "file": "C:\\Windows\\System32\\user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 27,
        "data": {
          "file": "C:\\Windows\\System32\\bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x76090000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 28,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 29,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 30,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x740c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,574",
        "eid": 31,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 32,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 33,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 34,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 35,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 36,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 37,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 38,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 39,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 40,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 41,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 42,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 43,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 44,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,590",
        "eid": 45,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\release",
          "content": "528372"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,621",
        "eid": 46,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74070000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,621",
        "eid": 47,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75130000"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:14,636",
        "eid": 48,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,636",
        "eid": 49,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,652",
        "eid": 50,
        "data": {
          "file": "feclient.dll",
          "pathtofile": null,
          "moduleaddress": "0x74030000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,652",
        "eid": 51,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,652",
        "eid": 52,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,652",
        "eid": 53,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,652",
        "eid": 54,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,652",
        "eid": 55,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,668",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,668",
        "eid": 57,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,668",
        "eid": 58,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x73d80000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,668",
        "eid": 59,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 60,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 61,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x741c0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 62,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 63,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 64,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 65,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x741c0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 66,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,683",
        "eid": 67,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x741c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,699",
        "eid": 68,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,715",
        "eid": 69,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,715",
        "eid": 70,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,715",
        "eid": 71,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,746",
        "eid": 72,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,746",
        "eid": 73,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,761",
        "eid": 74,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,793",
        "eid": 75,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,793",
        "eid": 76,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,793",
        "eid": 77,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,793",
        "eid": 78,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,793",
        "eid": 79,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
          "content": "C:\\Windows\\Fonts\\staticcache.dat"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,808",
        "eid": 80,
        "data": {
          "file": "C:\\Windows\\Fonts\\StaticCache.dat"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 81,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 82,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
          "content": "SimSun-ExtB"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 83,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 84,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 85,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 86,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 87,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 88,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 89,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 91,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 92,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 93,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 94,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 95,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 96,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 97,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 98,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,824",
        "eid": 99,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,840",
        "eid": 100,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,855",
        "eid": 101,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,855",
        "eid": 102,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,855",
        "eid": 103,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,855",
        "eid": 104,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2",
          "pathtofile": null,
          "moduleaddress": "0x74cf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,855",
        "eid": 105,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,871",
        "eid": 106,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,886",
        "eid": 107,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,886",
        "eid": 108,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,965",
        "eid": 109,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,074",
        "eid": 110,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,168",
        "eid": 111,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,230",
        "eid": 112,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,230",
        "eid": 113,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,246",
        "eid": 114,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,246",
        "eid": 115,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,246",
        "eid": 116,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,246",
        "eid": 117,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,246",
        "eid": 118,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,246",
        "eid": 119,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,261",
        "eid": 120,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,277",
        "eid": 121,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,308",
        "eid": 122,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,308",
        "eid": 123,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,308",
        "eid": 124,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,324",
        "eid": 125,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,340",
        "eid": 126,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,340",
        "eid": 127,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,340",
        "eid": 128,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,371",
        "eid": 129,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,371",
        "eid": 130,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,371",
        "eid": 131,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,386",
        "eid": 132,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,402",
        "eid": 133,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,418",
        "eid": 134,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,433",
        "eid": 135,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,433",
        "eid": 136,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,449",
        "eid": 137,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,449",
        "eid": 138,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,465",
        "eid": 139,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,465",
        "eid": 140,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,496",
        "eid": 141,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,496",
        "eid": 142,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,496",
        "eid": 143,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,511",
        "eid": 144,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,511",
        "eid": 145,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,527",
        "eid": 146,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,543",
        "eid": 147,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:15,558",
        "eid": 148,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,574",
        "eid": 149,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,574",
        "eid": 150,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 151,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 152,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 153,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 154,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 155,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 156,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,605",
        "eid": 157,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,730",
        "eid": 158,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,730",
        "eid": 159,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,761",
        "eid": 160,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,761",
        "eid": 161,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,777",
        "eid": 162,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,777",
        "eid": 163,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 164,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 165,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 166,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 167,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 168,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 169,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,808",
        "eid": 170,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 171,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 172,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 173,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 174,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 175,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 176,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 177,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,824",
        "eid": 178,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 179,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 180,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 181,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 182,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 183,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 184,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 185,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 186,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,840",
        "eid": 187,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,855",
        "eid": 188,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,855",
        "eid": 189,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,871",
        "eid": 190,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,871",
        "eid": 191,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,902",
        "eid": 192,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,902",
        "eid": 193,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,902",
        "eid": 194,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,918",
        "eid": 195,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,949",
        "eid": 196,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,949",
        "eid": 197,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,965",
        "eid": 198,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,965",
        "eid": 199,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 200,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 201,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 202,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 203,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 204,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 205,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 206,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,980",
        "eid": 207,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,996",
        "eid": 208,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,996",
        "eid": 209,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,996",
        "eid": 210,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,996",
        "eid": 211,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:15,996",
        "eid": 212,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,011",
        "eid": 213,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,011",
        "eid": 214,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 215,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 216,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 217,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 218,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 219,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 220,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 221,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 222,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 223,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 224,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,027",
        "eid": 225,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,043",
        "eid": 226,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,043",
        "eid": 227,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,043",
        "eid": 228,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,043",
        "eid": 229,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,043",
        "eid": 230,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,058",
        "eid": 231,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,090",
        "eid": 232,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,090",
        "eid": 233,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,090",
        "eid": 234,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,090",
        "eid": 235,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,090",
        "eid": 236,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,090",
        "eid": 237,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,105",
        "eid": 238,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 239,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 240,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 241,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 242,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 243,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 244,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 245,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 246,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 247,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,121",
        "eid": 248,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,136",
        "eid": 249,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,136",
        "eid": 250,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,136",
        "eid": 251,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,136",
        "eid": 252,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,136",
        "eid": 253,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,152",
        "eid": 254,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,152",
        "eid": 255,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 256,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 257,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 258,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 259,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 260,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 261,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,168",
        "eid": 262,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,183",
        "eid": 263,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,183",
        "eid": 264,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,183",
        "eid": 265,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 266,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 267,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 268,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 269,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 270,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 271,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 272,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 273,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 274,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,199",
        "eid": 275,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,215",
        "eid": 276,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,215",
        "eid": 277,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,215",
        "eid": 278,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,215",
        "eid": 279,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,215",
        "eid": 280,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,215",
        "eid": 281,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 282,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 283,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 284,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 285,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 286,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 287,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,230",
        "eid": 288,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 289,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 290,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 291,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 292,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 293,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 294,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 295,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 296,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,246",
        "eid": 297,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,261",
        "eid": 298,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,261",
        "eid": 299,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,261",
        "eid": 300,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,261",
        "eid": 301,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,261",
        "eid": 302,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,277",
        "eid": 303,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,277",
        "eid": 304,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,277",
        "eid": 305,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,277",
        "eid": 306,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,277",
        "eid": 307,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,277",
        "eid": 308,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 309,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 310,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 311,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 312,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 313,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 314,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 315,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 316,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 317,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,308",
        "eid": 318,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 319,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 320,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 321,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 322,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 323,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 324,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,324",
        "eid": 325,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,340",
        "eid": 326,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,340",
        "eid": 327,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 328,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 329,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 330,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 331,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 332,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 333,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 334,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,355",
        "eid": 335,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 336,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 337,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 338,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 339,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 340,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 341,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 342,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 343,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 344,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,371",
        "eid": 345,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 346,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 347,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 348,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 349,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 350,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 351,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,386",
        "eid": 352,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,402",
        "eid": 353,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,402",
        "eid": 354,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,402",
        "eid": 355,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,402",
        "eid": 356,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,418",
        "eid": 357,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,418",
        "eid": 358,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,418",
        "eid": 359,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,418",
        "eid": 360,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,418",
        "eid": 361,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,418",
        "eid": 362,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 363,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 364,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 365,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 366,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 367,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 368,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 369,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 370,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 371,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 372,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,449",
        "eid": 373,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 374,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 375,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 376,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 377,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 378,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 379,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 380,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 381,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 382,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,465",
        "eid": 383,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,480",
        "eid": 384,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,480",
        "eid": 385,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,480",
        "eid": 386,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 387,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 388,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 389,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 390,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 391,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 392,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 393,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 394,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 395,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 396,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 397,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 398,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,496",
        "eid": 399,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 400,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 401,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 402,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 403,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 404,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 405,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 406,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,511",
        "eid": 407,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,543",
        "eid": 408,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,543",
        "eid": 409,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,543",
        "eid": 410,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,543",
        "eid": 411,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,543",
        "eid": 412,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,543",
        "eid": 413,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,558",
        "eid": 414,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,558",
        "eid": 415,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,558",
        "eid": 416,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,574",
        "eid": 417,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,574",
        "eid": 418,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,574",
        "eid": 419,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,574",
        "eid": 420,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,574",
        "eid": 421,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,590",
        "eid": 422,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,605",
        "eid": 423,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,621",
        "eid": 424,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,621",
        "eid": 425,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,621",
        "eid": 426,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,636",
        "eid": 427,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,636",
        "eid": 428,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,636",
        "eid": 429,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,652",
        "eid": 430,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,652",
        "eid": 431,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,652",
        "eid": 432,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,668",
        "eid": 433,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,668",
        "eid": 434,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,668",
        "eid": 435,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,683",
        "eid": 436,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,683",
        "eid": 437,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,699",
        "eid": 438,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,699",
        "eid": 439,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,699",
        "eid": 440,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,715",
        "eid": 441,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,715",
        "eid": 442,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,715",
        "eid": 443,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,730",
        "eid": 444,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,730",
        "eid": 445,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,730",
        "eid": 446,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,746",
        "eid": 447,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,746",
        "eid": 448,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,746",
        "eid": 449,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,761",
        "eid": 450,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,777",
        "eid": 451,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,777",
        "eid": 452,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,777",
        "eid": 453,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,777",
        "eid": 454,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,793",
        "eid": 455,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,793",
        "eid": 456,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,793",
        "eid": 457,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,808",
        "eid": 458,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,808",
        "eid": 459,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,808",
        "eid": 460,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,824",
        "eid": 461,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,824",
        "eid": 462,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,824",
        "eid": 463,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,840",
        "eid": 464,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,855",
        "eid": 465,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,855",
        "eid": 466,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,855",
        "eid": 467,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,871",
        "eid": 468,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,886",
        "eid": 469,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,886",
        "eid": 470,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,886",
        "eid": 471,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,886",
        "eid": 472,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,886",
        "eid": 473,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,886",
        "eid": 474,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 476,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 478,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 480,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 482,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 484,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,902",
        "eid": 488,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders\\StorageDelegate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "1581568"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "513"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
          "content": "36"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "131602"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 505,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
          "content": "1048576"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\Attributes",
          "content": "@\\x01\\x00 "
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\ShellFolder\\FolderValueFlags",
          "content": "512"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\Attributes",
          "content": "18446744072098938884"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\ShellFolder\\FolderValueFlags",
          "content": "4609"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{26EE0668-A00A-44D7-9371-BEB064C98683}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
          "content": "18446744073449767213"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
          "content": "5243433"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\Attributes",
          "content": "18446744072375763213"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\ShellFolder\\FolderValueFlags",
          "content": "270880"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\Attributes",
          "content": "538443776"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{04731B67-D933-450A-90E6-4ACD2E9408FE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\Attributes",
          "content": "538443776"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{11016101-E366-4D22-BC06-4ADA335C892B}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\Attributes",
          "content": "18446744073450815757"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,918",
        "eid": 540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\ShellFolder\\FolderValueFlags",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\Attributes",
          "content": "18446744073450553661"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\CallForAttributes",
          "content": "131136"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\ShellFolder\\FolderValueFlags",
          "content": "524840"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\Attributes",
          "content": "32"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\ShellFolder\\FolderValueFlags",
          "content": "512"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\Attributes",
          "content": "18446744073450553605"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\\ShellFolder\\FolderValueFlags",
          "content": "5242912"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{5B934B42-522B-4C34-BBFE-37A3EF7B9C90}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\Attributes",
          "content": "537919488"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{64693913-1c21-4f30-a98f-4e52906d3b56}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{64693913-1C21-4F30-A98F-4E52906D3B56}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\Attributes",
          "content": "538181632"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{89D83576-6BD1-4C86-9454-BEB04E94C819}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\Attributes",
          "content": "538181632"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\ShellFolder\\FolderValueFlags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{9343812E-1C37-4A49-A12E-4B2D810D956B}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\Attributes",
          "content": "538443776"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{98F275B4-4FFF-11E0-89E2-7B86DFD72085}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\Attributes",
          "content": "538443776"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{a00ee528-ebd9-48b8-944a-8942113d46ac}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{A00EE528-EBD9-48B8-944A-8942113D46AC}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\Attributes",
          "content": "18446744072376025356"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\CallForAttributes",
          "content": "1048576"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\ShellFolder\\FolderValueFlags",
          "content": "270880"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\Attributes",
          "content": "538181632"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,933",
        "eid": 591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\Attributes",
          "content": "538443776"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\Attributes",
          "content": "538443776"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{e345f35f-9397-435c-8f95-4e922c26259e}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E345F35F-9397-435C-8F95-4E922C26259E}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\Attributes",
          "content": "537919488"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{EDC978D6-4D53-4b2f-A265-5805674BE568}\\ShellFolder\\FolderValueFlags",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{EDC978D6-4D53-4B2F-A265-5805674BE568}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\Attributes",
          "content": "18446744072367636580"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\ShellFolder\\FolderValueFlags",
          "content": "1057344"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\Attributes",
          "content": "\\x00\\x00\\x10\\xb8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\FolderValueFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORDISPLAY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideFolderVerbs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\UseDropHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsFORPARSING",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsParseDisplayName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForOverlay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\MapNetDriveVerbs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\QueryForInfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HideOnDesktopPerUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsAliasedNotifications",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsUniversalDelegate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoFileFolderJunction",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\PinToNameSpaceTree",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\HasNavigationEnum",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\EnableThumbnails",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoDefaultToFS",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\ParseDisplayNameNeedsURL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\BlockNewFile",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoInitRequired",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\SafeRootForMTA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\WantsSendToTarget",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}\\ShellFolder\\NoLocalizedNameInTarget",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F1893CCF-FB34-4AED-B144-34E940E2FA6D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\Attributes",
          "content": "18446744073450553605"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{f8278c54-a712-415b-b593-b77a2be0dda9}\\ShellFolder\\FolderValueFlags",
          "content": "5242912"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F8278C54-A712-415B-B593-B77A2BE0DDA9}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\Attributes",
          "content": "18446744072367374336"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\ShellFolder\\FolderValueFlags",
          "content": "1040"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\CLSID",
          "content": "{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,949",
        "eid": 651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 652,
        "data": {
          "file": "C:\\Windows\\System32\\windows.storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x746e0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonRemovableDrives",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonRemovableDrives",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableStorageRegPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableDrivesRegPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\UseRemovableDrivesRegPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\NoDelegateSearchRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\HideNonStorageServiceMountedDrives",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ForceAllDrivesRemovable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,965",
        "eid": 662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\\Instance\\InitPropertyBag\\ShowAllOpticalDevices",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 665,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 666,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 667,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 668,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
          "content": "32"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 671,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 672,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 673,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xc4\\xd8c\\xf2\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\
\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 674,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x73720000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 675,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 676,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 677,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:16,980",
        "eid": 678,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 679,
        "data": {
          "file": "C:\\Users\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 681,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 682,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 683,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 685,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 687,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 689,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 691,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 692,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 693,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 694,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 695,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 696,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 697,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 698,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 699,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 700,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 701,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 702,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 703,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 704,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 705,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 706,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 707,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 708,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,996",
        "eid": 721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 723,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.exe",
          "content": "program"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
          "content": "application/x-msdownload"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 726,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
          "content": "exefile"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
          "content": "application/x-msdownload"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,011",
        "eid": 734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21769"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-183"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 760,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
          "content": "%USERPROFILE%\\Desktop"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 761,
        "data": {
          "file": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
          "content": "Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
          "content": "Microsoft\\Windows\\Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 783,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
          "content": "AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
          "content": "AppData\\Roaming"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 805,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
          "content": "%USERPROFILE%\\AppData\\Roaming"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
          "content": "Local Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{d3162b92-9365-467a-956b-92703aca08af}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21770"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 828,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
          "content": "Profile"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,027",
        "eid": 849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 852,
        "data": {
          "file": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
          "content": "Local Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21790"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-108"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 875,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 878,
        "data": {
          "file": "C:\\Users\\Rajesh\\Music\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
          "content": "Local Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21779"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-113"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 901,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 904,
        "data": {
          "file": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
          "content": "Local Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21791"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-189"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 927,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 930,
        "data": {
          "file": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
          "content": "Local Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{088e3905-0323-4b02-9826-5d99428e115f}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21798"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-184"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,043",
        "eid": 952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 953,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 956,
        "data": {
          "file": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
          "content": "UsersFilesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
          "content": "{92803FB4-7706-4035-ACD7-F63E069D3697}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 984,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
          "content": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
          "content": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 989,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x746e0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": "17"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,058",
        "eid": 997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
          "content": "Searches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
          "content": "Searches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-9031"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-18"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
          "content": "{0b0ba2e3-405f-415e-a6ee-cad625207853}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1020,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
          "content": "Windows"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
          "content": "ProgramFilesCommon"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
          "content": "MusicLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
          "content": "Music.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34584"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1004"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
          "content": "PublicLibraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
          "content": "Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
          "content": "Common Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21799"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
          "content": "D:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
          "content": "AppDataDocuments"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
          "content": "CD Burning"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
          "content": "Microsoft\\Windows\\Burn\\Burn"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21815"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
          "content": "SavedPicturesLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
          "content": "SavedPictures.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
          "content": "MAPIFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
          "content": "shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}\\*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,183",
        "eid": 1213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
          "content": "Common Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
          "content": "My Video"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A0953C92-50DC-43BF-BE83-3742FED03C9C}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21791"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-189"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1259,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
          "content": "Quick Launch"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
          "content": "Microsoft\\Internet Explorer\\Quick Launch"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
          "content": "ProgramFilesCommonX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
          "content": "3D Objects"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
          "content": "3D Objects"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21825"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-198"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
          "content": "{b3690e58-e961-423b-b687-386ebfd83239}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1323,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
          "content": "ConnectionsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
          "content": "PrintersFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
          "content": "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{2227A280-3AEA-1069-A2DE-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name",
          "content": "VideosLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath",
          "content": "Videos.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34620"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1005"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
          "content": "My Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21779"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-113"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1416,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
          "content": "ResourceDir"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,199",
        "eid": 1434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
          "content": "Common Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
          "content": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
          "content": "PublicGameTasks"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
          "content": "Microsoft\\Windows\\GameExplorer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
          "content": "SyncSetupFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
          "content": "CommonVideo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21804"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
          "content": "History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
          "content": "Microsoft\\Windows\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
          "content": "SyncResultsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
          "content": "ConflictFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{E413D040-6788-4C22-957E-175D1C513A34},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
          "content": "RecycleBinFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
          "content": "::{645FF040-5081-101B-9F08-00AA002F954E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
          "content": "CSCFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
          "content": "shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
          "content": "Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
          "content": "Microsoft\\Windows\\Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
          "content": "Common Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
          "content": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21782"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
          "content": "NetHood"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
          "content": "Microsoft\\Windows\\Network Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:17,215",
        "eid": 1691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,261",
        "eid": 1692,
        "data": {
          "file": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,277",
        "eid": 1693,
        "data": {
          "file": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,277",
        "eid": 1694,
        "data": {
          "file": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,277",
        "eid": 1695,
        "data": {
          "file": "C:\\Users\\Rajesh\\Links\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:17,277",
        "eid": 1696,
        "data": {
          "file": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,808",
        "eid": 1697,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,808",
        "eid": 1698,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,824",
        "eid": 1699,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,840",
        "eid": 1700,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x73640000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,871",
        "eid": 1701,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,871",
        "eid": 1702,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,871",
        "eid": 1703,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,886",
        "eid": 1704,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\urlmon.dll",
          "pathtofile": null,
          "moduleaddress": "0x73490000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,886",
        "eid": 1705,
        "data": {
          "file": "msiso.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,902",
        "eid": 1706,
        "data": {
          "file": "msiso.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,902",
        "eid": 1707,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x73890000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,902",
        "eid": 1708,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x73890000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,918",
        "eid": 1709,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76320000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,027",
        "eid": 1710,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\appresolver.dll",
          "pathtofile": null,
          "moduleaddress": "0x733e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,043",
        "eid": 1711,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x732e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,058",
        "eid": 1712,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x72f30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,199",
        "eid": 1713,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x76f00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,199",
        "eid": 1714,
        "data": {
          "file": "api-ms-win-eventing-provider-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-06-28 21:56:21,715",
        "eid": 1715,
        "data": {
          "file": "vs_bootstrapper_d15\\vs_setup_bootstrapper.exe "
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,715",
        "eid": 1716,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:28,652",
        "eid": 1717,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:50,074",
        "eid": 1718,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1719,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1720,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1721,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1722,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1723,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1724,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1725,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1726,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1727,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1728,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1729,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1730,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1731,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1732,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1733,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1734,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1735,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1736,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1737,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1738,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1739,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1740,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1741,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1742,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1743,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1744,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1745,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1746,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1747,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1748,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,027",
        "eid": 1749,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1750,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1751,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1752,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1753,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1754,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1755,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1756,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1757,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1758,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1759,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1760,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1761,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1762,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1763,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1764,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1765,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1766,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1767,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1768,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1769,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,043",
        "eid": 1770,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1771,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1772,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1773,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1774,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1775,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1776,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1777,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1778,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,058",
        "eid": 1779,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1780,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1781,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1782,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1783,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1784,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1785,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,074",
        "eid": 1786,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1787,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1788,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1789,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1790,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1791,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1792,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1793,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1794,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1795,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1796,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,090",
        "eid": 1797,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1798,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1799,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1800,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1801,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1802,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1803,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1804,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1805,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1806,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\"
        }
      },
      {
        "event": "delete",
        "object": "dir",
        "timestamp": "2026-06-28 21:58:45,105",
        "eid": 1807,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1808,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1809,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1810,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1811,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1812,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1813,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1814,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1815,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1816,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\dd_vs_Community_1__decompression_log.txt"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,121",
        "eid": 1817,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1818,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1819,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1820,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1821,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1822,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1823,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1824,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1825,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1826,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1827,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1828,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1829,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,168",
        "eid": 1830,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,183",
        "eid": 1831,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:45,183",
        "eid": 1832,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-06-28 21:56:31,453",
        "eid": 1833,
        "data": {
          "file": "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:31,640",
        "eid": 1834,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a7170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:09,124",
        "eid": 1835,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a7170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:31,062",
        "eid": 1836,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a7170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:39,890",
        "eid": 1837,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a7170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:58:51,624",
        "eid": 1838,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a7170000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:25,173",
        "eid": 1839,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75130000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,564",
        "eid": 1840,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemprox.dll",
          "pathtofile": null,
          "moduleaddress": "0x721b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,579",
        "eid": 1841,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemsvc.dll",
          "pathtofile": null,
          "moduleaddress": "0x72120000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,579",
        "eid": 1842,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\fastprox.dll",
          "pathtofile": null,
          "moduleaddress": "0x72050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,610",
        "eid": 1843,
        "data": {
          "file": "amsi.dll",
          "pathtofile": null,
          "moduleaddress": "0x72030000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,626",
        "eid": 1844,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wmiutils.dll",
          "pathtofile": null,
          "moduleaddress": "0x70f10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,673",
        "eid": 1845,
        "data": {
          "file": "API-MS-Win-Security-Base-L1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,673",
        "eid": 1846,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\stdprov.dll",
          "pathtofile": null,
          "moduleaddress": "0x6f860000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-29 13:56:27,576",
        "eid": 1847,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff98bab0000"
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": [],
      "com_activations": []
    }
  },
  "debug": {
    "log": "2026-06-28 14:55:58,326 [root] INFO: Date set to: 20260629T13:55:49, timeout set to: 200\n2026-06-29 13:55:51,246 [root] DEBUG: Starting analyzer from: C:\\7d7wfxi0\n2026-06-29 13:55:51,253 [root] DEBUG: Storing results at: C:\\UfGevMwj\n2026-06-29 13:55:51,254 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\XCYBIPQd\n2026-06-29 13:55:51,255 [root] DEBUG: Python path: C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314\n2026-06-29 13:55:51,265 [root] INFO: analysis running as an admin\n2026-06-29 13:55:51,265 [root] INFO: analysis package specified: \"exe\"\n2026-06-29 13:55:51,265 [root] DEBUG: importing analysis package module: \"modules.packages.exe\"...\n2026-06-28 14:56:01,674 [root] DEBUG: imported analysis package \"exe\"\n2026-06-28 14:56:01,674 [root] DEBUG: initializing analysis package \"exe\"...\n2026-06-28 14:56:01,674 [lib.common.common] INFO: no wrapping\n2026-06-28 14:56:01,675 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-28 14:56:01,675 [root] DEBUG: New location of moved file: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\n2026-06-28 14:56:01,675 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll option\n2026-06-28 14:56:01,676 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll_64 option\n2026-06-28 14:56:01,676 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option\n2026-06-28 14:56:01,676 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option\n2026-06-28 14:56:02,016 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-06-28 14:56:02,128 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-06-28 14:56:02,202 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-06-28 14:56:02,345 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-06-28 14:56:02,361 
[lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-06-28 14:56:02,362 [lib.api.screenshot] ERROR: No module named 'PIL'\n2026-06-28 14:56:02,363 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-06-28 14:56:02,371 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-06-28 14:56:02,373 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-06-28 14:56:02,373 [root] DEBUG: attempting to configure 'Browser' from data\n2026-06-28 14:56:02,376 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-06-28 14:56:02,376 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-06-28 14:56:02,396 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-06-28 14:56:02,397 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-06-28 14:56:02,397 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-06-28 14:56:02,398 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-06-28 14:56:02,399 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-06-28 14:56:02,399 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-06-28 14:56:03,474 [modules.auxiliary.digisig] DEBUG: File has an invalid signature\n2026-06-28 14:56:03,475 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-06-28 14:56:03,477 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-06-28 14:56:03,477 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-06-28 14:56:03,477 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-06-28 14:56:03,481 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-06-28 14:56:03,481 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-06-28 14:56:03,501 [modules.auxiliary.disguise] INFO: Launched background process 
notepad.exe hidden (PID: 3340)\n2026-06-28 14:56:03,527 [modules.auxiliary.disguise] INFO: Disguising GUID to 6add7e01-1b7f-4b68-a9d2-de3c3a2a085d\n2026-06-28 14:56:03,529 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-06-28 14:56:03,529 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-06-28 14:56:03,530 [root] DEBUG: attempting to configure 'Human' from data\n2026-06-28 14:56:03,532 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-06-28 14:56:03,533 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-06-28 14:56:03,537 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-06-28 14:56:03,538 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-06-28 14:56:03,538 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-06-28 14:56:03,539 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-06-28 14:56:03,539 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-06-28 14:56:03,541 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled\n2026-06-28 14:56:03,542 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-06-28 14:56:03,547 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-06-28 14:56:03,547 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-06-28 14:56:03,548 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-06-28 14:56:03,548 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-06-28 14:56:03,554 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process\n2026-06-28 14:56:03,555 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-06-28 14:56:09,702 [root] INFO: Restarting WMI Service\n2026-06-28 14:56:12,058 [root] DEBUG: package 
modules.packages.exe does not support configure, ignoring\n2026-06-28 14:56:12,061 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'\n2026-06-28 14:56:12,062 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-28 14:56:12,076 [lib.api.process] INFO: Successfully executed process from path \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\" with arguments \"\" with pid 3412\n2026-06-28 14:56:12,086 [lib.api.process] INFO: Monitor config for process 3412: C:\\7d7wfxi0\\dll\\3412.ini\n2026-06-28 14:56:12,102 [lib.api.process] INFO: 32-bit DLL to inject is C:\\7d7wfxi0\\dll\\UKRfjrH.dll, loader C:\\7d7wfxi0\\bin\\DSOfeqa.exe\n2026-06-28 14:56:12,126 [root] DEBUG: Loader: Injecting process 3412 (thread 3636) with C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-28 14:56:12,136 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-06-28 14:56:12,137 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-28 14:56:12,141 [lib.api.process] INFO: Injected into 32-bit <Process 3412 vs_Community_1_.exe>\n2026-06-28 14:56:14,146 [lib.api.process] INFO: Successfully resumed process with pid 3412\n2026-06-28 14:56:14,181 [root] DEBUG: 3412: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-28 14:56:14,186 [root] DEBUG: 3412: Disabling sleep skipping.\n2026-06-28 14:56:14,188 [root] DEBUG: 3412: Dropped file limit defaulting to 100.\n2026-06-28 14:56:14,334 [root] DEBUG: 3412: YaraInit: Compiled 44 rule files\n2026-06-28 14:56:14,341 [root] DEBUG: 3412: YaraInit: Compiled rules saved to file C:\\7d7wfxi0\\data\\yara\\capemon.yac\n2026-06-28 14:56:14,343 [root] DEBUG: 3412: YaraScan: Scanning 0x00C80000, size 0x6d70e\n2026-06-28 14:56:14,353 [root] DEBUG: 3412: Monitor initialised: 32-bit capemon loaded in process 3412 at 0x743d0000, thread 3636, image base 
0xc80000, stack from 0x4de2000-0x4df0000\n2026-06-28 14:56:14,354 [root] DEBUG: 3412: Commandline: \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\vs_Community_1_.exe\"\n2026-06-28 14:56:14,433 [root] DEBUG: 3412: hook_api: LdrpCallInitRoutine export address 0x76F72980 obtained via GetFunctionAddress\n2026-06-28 14:56:14,471 [root] DEBUG: 3412: hook_api: Trampoline creation failed for GetCommandLineA, retrying with HOOK_SAFEST\n2026-06-28 14:56:14,472 [root] DEBUG: 3412: hook_api: Trampoline creation failed for GetCommandLineW, retrying with HOOK_SAFEST\n2026-06-28 14:56:14,493 [root] DEBUG: 3412: Hooked 635 out of 635 functions\n2026-06-28 14:56:14,498 [root] DEBUG: 3412: Syscall hook installed, syscall logging level 1\n2026-06-28 14:56:14,509 [root] DEBUG: 3412: RestoreHeaders: Restored original import table.\n2026-06-28 14:56:14,511 [root] INFO: Loaded monitor into process with pid 3412\n2026-06-28 14:56:14,530 [root] DEBUG: 3412: InstrumentationCallback: Added region at 0x751524AC (base 0x75130000) to tracked regions list (thread 3636).\n2026-06-28 14:56:14,531 [root] DEBUG: 3412: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-28 14:56:14,540 [root] DEBUG: 3412: caller_dispatch: Added region at 0x00C80000 to tracked regions list (kernel32::LoadLibraryExW returns to 0x00CA0433, thread 3636).\n2026-06-28 14:56:14,542 [root] DEBUG: 3412: YaraScan: Scanning 0x00C80000, size 0x6d70e\n2026-06-28 14:56:14,547 [root] DEBUG: 3412: ProcessImageBase: Main module image at 0x00C80000 unmodified (entropy change 0.000000e+00)\n2026-06-28 14:56:14,557 [root] DEBUG: 3412: DLL loaded at 0x74160000: C:\\Windows\\system32\\cabinet (0x20000 bytes).\n2026-06-28 14:56:14,560 [root] DEBUG: 3412: DLL loaded at 0x740D0000: C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\COMCTL32 (0x8d000 bytes).\n2026-06-28 14:56:14,563 
[root] DEBUG: 3412: DLL loaded at 0x740C0000: C:\\Windows\\system32\\version (0x8000 bytes).\n2026-06-28 14:56:14,571 [root] DEBUG: 3412: DLL loaded at 0x755E0000: C:\\Windows\\System32\\shcore (0x87000 bytes).\n2026-06-28 14:56:14,617 [root] DEBUG: 3412: DLL loaded at 0x740A0000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x13000 bytes).\n2026-06-28 14:56:14,621 [root] DEBUG: 3412: DLL loaded at 0x74070000: C:\\Windows\\system32\\rsaenh (0x2f000 bytes).\n2026-06-28 14:56:14,624 [root] DEBUG: 3412: DLL loaded at 0x769D0000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-06-28 14:56:14,640 [root] DEBUG: 3412: DLL loaded at 0x73E00000: C:\\Windows\\SYSTEM32\\iertutil (0x22b000 bytes).\n2026-06-28 14:56:14,641 [root] DEBUG: 3412: DLL loaded at 0x74030000: C:\\Windows\\SYSTEM32\\feclient (0x34000 bytes).\n2026-06-28 14:56:14,661 [root] DEBUG: 3412: DLL loaded at 0x73D80000: C:\\Windows\\system32\\uxtheme (0x74000 bytes).\n2026-06-28 14:56:14,666 [root] DEBUG: 3412: DLL loaded at 0x768E0000: C:\\Windows\\System32\\MSCTF (0xd3000 bytes).\n2026-06-28 14:56:14,699 [root] DEBUG: 3412: DLL loaded at 0x74CF0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-06-28 14:56:14,741 [root] DEBUG: 3412: DLL loaded at 0x73970000: C:\\Windows\\SYSTEM32\\ntmarta (0x29000 bytes).\n2026-06-28 14:56:14,742 [root] DEBUG: 3412: DLL loaded at 0x739A0000: C:\\Windows\\System32\\CoreMessaging (0x9b000 bytes).\n2026-06-28 14:56:14,743 [root] DEBUG: 3412: DLL loaded at 0x73890000: C:\\Windows\\SYSTEM32\\wintypes (0xdb000 bytes).\n2026-06-28 14:56:14,744 [root] DEBUG: 3412: DLL loaded at 0x73A40000: C:\\Windows\\System32\\CoreUIComponents (0x27e000 bytes).\n2026-06-28 14:56:14,745 [root] DEBUG: 3412: DLL loaded at 0x73CC0000: C:\\Windows\\SYSTEM32\\textinputframework (0xb9000 bytes).\n2026-06-28 14:56:14,816 [root] DEBUG: 3412: DLL loaded at 0x737F0000: C:\\Windows\\SYSTEM32\\TextShaping (0x94000 bytes).\n2026-06-28 14:56:15,260 [root] INFO: Added new file to list with pid 3412 
and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html\n2026-06-28 14:56:15,289 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html\n2026-06-28 14:56:15,314 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html\n2026-06-28 14:56:15,335 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html\n2026-06-28 14:56:15,355 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html\n2026-06-28 14:56:15,376 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html\n2026-06-28 14:56:15,400 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html\n2026-06-28 14:56:15,430 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html\n2026-06-28 14:56:15,452 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html\n2026-06-28 14:56:15,478 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html\n2026-06-28 14:56:15,505 [root] INFO: Added new file 
to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html\n2026-06-28 14:56:15,528 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html\n2026-06-28 14:56:15,558 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html\n2026-06-28 14:56:15,591 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html\n2026-06-28 14:56:15,622 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe\n2026-06-28 14:56:15,735 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll\n2026-06-28 14:56:15,756 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll\n2026-06-28 14:56:15,780 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll\n2026-06-28 14:56:15,850 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll\n2026-06-28 14:56:15,870 [root] INFO: Added new file to list with pid 3412 and path 
C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll\n2026-06-28 14:56:15,897 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll\n2026-06-28 14:56:15,932 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll\n2026-06-28 14:56:15,953 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll\n2026-06-28 14:56:15,987 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll\n2026-06-28 14:56:16,057 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll\n2026-06-28 14:56:16,096 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll\n2026-06-28 14:56:16,141 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll\n2026-06-28 14:56:16,162 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll\n2026-06-28 14:56:16,285 [root] INFO: Added new file to list with pid 3412 and path 
C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll\n2026-06-28 14:56:16,427 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll\n2026-06-28 14:56:16,532 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll\n2026-06-28 14:56:16,573 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll\n2026-06-28 14:56:16,594 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll\n2026-06-28 14:56:16,611 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll\n2026-06-28 14:56:16,627 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll\n2026-06-28 14:56:16,643 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,660 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,676 [root] INFO: Added new file to list with pid 3412 and path 
C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,696 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,713 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,727 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,744 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,763 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,779 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,791 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,808 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,821 [root] INFO: Added new file to list with pid 3412 and path 
C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,837 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll\n2026-06-28 14:56:16,849 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config\n2026-06-28 14:56:16,860 [root] INFO: Added new file to list with pid 3412 and path C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config\n2026-06-28 14:56:16,873 [root] DEBUG: 3412: Dropped file limit reached.\n2026-06-28 14:56:16,900 [root] DEBUG: 3412: DLL loaded at 0x746B0000: C:\\Windows\\SYSTEM32\\Wldp (0x24000 bytes).\n2026-06-28 14:56:16,902 [root] DEBUG: 3412: DLL loaded at 0x746E0000: C:\\Windows\\SYSTEM32\\windows.storage (0x608000 bytes).\n2026-06-28 14:56:16,910 [root] DEBUG: 3412: DLL loaded at 0x73720000: C:\\Windows\\SYSTEM32\\PROPSYS (0xc2000 bytes).\n2026-06-28 14:56:16,967 [root] DEBUG: 3412: DLL loaded at 0x76A30000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-06-28 14:56:16,988 [root] DEBUG: 3412: DLL loaded at 0x75720000: C:\\Windows\\System32\\CFGMGR32 (0x3b000 bytes).\n2026-06-28 14:56:17,041 [root] DEBUG: 3412: DLL loaded at 0x73700000: C:\\Windows\\SYSTEM32\\profapi (0x18000 bytes).\n2026-06-28 14:56:17,231 [root] DEBUG: 3412: api-rate-cap: NtQueryValueKey hook disabled due to rate\n2026-06-28 14:56:17,300 [root] DEBUG: 3412: DLL loaded at 0x736E0000: C:\\Windows\\SYSTEM32\\edputil (0x1b000 bytes).\n2026-06-28 14:56:17,613 [lib.api.process] INFO: Monitor config for process 756: C:\\7d7wfxi0\\dll\\756.ini\n2026-06-28 14:56:17,618 [lib.api.process] INFO: 64-bit DLL to inject is C:\\7d7wfxi0\\dll\\sctTxzh.dll, loader 
C:\\7d7wfxi0\\bin\\kTLHFLzB.exe\n2026-06-28 14:56:17,641 [root] DEBUG: Loader: Injecting process 756 with C:\\7d7wfxi0\\dll\\sctTxzh.dll.\n2026-06-28 14:56:17,650 [root] DEBUG: 756: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-28 14:56:17,651 [root] DEBUG: 756: Disabling sleep skipping.\n2026-06-28 14:56:17,652 [root] DEBUG: 756: Dropped file limit defaulting to 100.\n2026-06-28 14:56:17,657 [root] DEBUG: 756: Services hook set enabled\n2026-06-28 14:56:17,661 [root] DEBUG: 756: YaraInit: Compiled rules loaded from existing file C:\\7d7wfxi0\\data\\yara\\capemon.yac\n2026-06-29 06:56:11,229 [root] DEBUG: 756: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0\n2026-06-29 06:56:11,231 [root] DEBUG: 756: Monitor initialised: 64-bit capemon loaded in process 756 at 0x00007FF986270000, thread 4640, image base 0x00007FF69D480000, stack from 0x00000036AC3F4000-0x00000036AC400000\n2026-06-29 06:56:11,233 [root] DEBUG: 756: Commandline: C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p\n2026-06-29 06:56:11,256 [root] DEBUG: 756: Hooked 69 out of 69 functions\n2026-06-29 06:56:11,264 [root] INFO: Loaded monitor into process with pid 756\n2026-06-29 06:56:11,267 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-06-29 06:56:11,268 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\sctTxzh.dll.\n2026-06-29 06:56:11,275 [lib.api.process] INFO: Injected into 64-bit <Process 756 svchost.exe>\n2026-06-29 06:56:13,319 [root] DEBUG: 3412: DLL loaded at 0x73640000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x93000 bytes).\n2026-06-29 06:56:13,341 [root] DEBUG: 3412: DLL loaded at 0x73470000: C:\\Windows\\SYSTEM32\\srvcli (0x1d000 bytes).\n2026-06-29 06:56:13,342 [root] DEBUG: 3412: DLL loaded at 0x73460000: C:\\Windows\\SYSTEM32\\netutils (0xb000 bytes).\n2026-06-29 06:56:13,346 [root] DEBUG: 3412: DLL loaded at 
0x73490000: C:\\Windows\\SYSTEM32\\urlmon (0x1a8000 bytes).\n2026-06-29 06:56:13,405 [root] DEBUG: 3412: DLL loaded at 0x73390000: C:\\Windows\\System32\\Bcp47Langs (0x49000 bytes).\n2026-06-29 06:56:13,496 [root] DEBUG: 3412: DLL loaded at 0x73320000: C:\\Windows\\System32\\sppc (0x1c000 bytes).\n2026-06-29 06:56:13,497 [root] DEBUG: 3412: DLL loaded at 0x73370000: C:\\Windows\\System32\\SLC (0x1f000 bytes).\n2026-06-29 06:56:13,498 [root] DEBUG: 3412: DLL loaded at 0x73340000: C:\\Windows\\System32\\USERENV (0x25000 bytes).\n2026-06-29 06:56:13,499 [root] DEBUG: 3412: DLL loaded at 0x733E0000: C:\\Windows\\System32\\appresolver (0x71000 bytes).\n2026-06-29 06:56:13,511 [root] DEBUG: 3412: DLL loaded at 0x732E0000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x3d000 bytes).\n2026-06-29 06:56:13,527 [root] DEBUG: 3412: DLL loaded at 0x72F30000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x3a1000 bytes).\n2026-06-29 06:56:13,540 [root] DEBUG: 3412: DLL loaded at 0x72F10000: C:\\Windows\\SYSTEM32\\MPR (0x19000 bytes).\n2026-06-29 06:56:13,682 [root] DEBUG: 3412: DLL loaded at 0x72EF0000: C:\\Windows\\SYSTEM32\\pcacli (0x11000 bytes).\n2026-06-29 06:56:13,684 [root] INFO: Announced 32-bit process name: vs_setup_bootstrapper.exe pid: 3236\n2026-06-29 06:56:13,684 [lib.api.process] INFO: Monitor config for process 3236: C:\\7d7wfxi0\\dll\\3236.ini\n2026-06-29 06:56:15,161 [lib.api.process] INFO: 32-bit DLL to inject is C:\\7d7wfxi0\\dll\\UKRfjrH.dll, loader C:\\7d7wfxi0\\bin\\DSOfeqa.exe\n2026-06-29 06:56:15,176 [root] DEBUG: Loader: Injecting process 3236 with C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-29 06:56:15,178 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=2).\n2026-06-29 06:56:15,185 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-29 06:56:19,477 [root] DEBUG: 756: CreateProcessHandler: Injection info set for new process 3712: C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe, 
ImageBase: 0x0000000000A70000\n2026-06-29 06:56:19,482 [root] INFO: Announced 32-bit process name: WmiPrvSE.exe pid: 3712\n2026-06-29 06:56:19,482 [lib.api.process] INFO: Monitor config for process 3712: C:\\7d7wfxi0\\dll\\3712.ini\n2026-06-29 06:56:23,682 [lib.api.process] INFO: 32-bit DLL to inject is C:\\7d7wfxi0\\dll\\UKRfjrH.dll, loader C:\\7d7wfxi0\\bin\\DSOfeqa.exe\n2026-06-29 06:56:23,763 [root] DEBUG: Loader: Injecting process 3712 (thread 4420) with C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-29 06:56:23,840 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-06-29 06:56:23,889 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-29 06:56:23,894 [lib.api.process] INFO: Injected into 32-bit <Process 3712 WmiPrvSE.exe>\n2026-06-29 06:56:23,899 [root] INFO: Announced 32-bit process name: WmiPrvSE.exe pid: 3712\n2026-06-29 06:56:23,901 [lib.api.process] INFO: Monitor config for process 3712: C:\\7d7wfxi0\\dll\\3712.ini\n2026-06-29 06:56:24,891 [lib.api.process] INFO: 32-bit DLL to inject is C:\\7d7wfxi0\\dll\\UKRfjrH.dll, loader C:\\7d7wfxi0\\bin\\DSOfeqa.exe\n2026-06-29 06:56:24,936 [root] DEBUG: Loader: Injecting process 3712 (thread 4420) with C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-29 06:56:24,940 [root] DEBUG: InjectDllViaIAT: This image has already been patched.\n2026-06-29 06:56:24,941 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\UKRfjrH.dll.\n2026-06-29 06:56:24,945 [lib.api.process] INFO: Injected into 32-bit <Process 3712 WmiPrvSE.exe>\n2026-06-29 06:56:25,010 [root] DEBUG: 3712: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-29 06:56:25,011 [root] DEBUG: 3712: Dropped file limit defaulting to 100.\n2026-06-29 06:56:25,029 [root] DEBUG: 3712: Disabling sleep skipping.\n2026-06-29 06:56:25,031 [root] DEBUG: 3712: Services hook set enabled\n2026-06-29 06:56:25,075 [root] DEBUG: 3712: YaraInit: Compiled rules loaded from existing file 
C:\\7d7wfxi0\\data\\yara\\capemon.yac\n2026-06-29 06:56:25,077 [root] DEBUG: 3712: Monitor initialised: 32-bit capemon loaded in process 3712 at 0x743d0000, thread 4420, image base 0xa70000, stack from 0x2d20000-0x2d30000\n2026-06-29 06:56:25,078 [root] DEBUG: 3712: Commandline: C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding\n2026-06-29 06:56:25,127 [root] DEBUG: 3712: Hooked 69 out of 69 functions\n2026-06-29 06:56:25,168 [root] DEBUG: 3712: RestoreHeaders: Restored original import table.\n2026-06-29 06:56:25,171 [root] INFO: Loaded monitor into process with pid 3712\n2026-06-29 06:56:25,184 [root] DEBUG: 3712: DLL loaded at 0x74CF0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-06-29 06:56:25,187 [root] DEBUG: 3712: DLL loaded at 0x769D0000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-06-29 06:56:25,215 [root] DEBUG: 3712: DLL loaded at 0x76A30000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-06-29 06:56:25,245 [lib.api.process] INFO: Monitor config for process 4160: C:\\7d7wfxi0\\dll\\4160.ini\n2026-06-29 06:56:25,256 [lib.api.process] INFO: 64-bit DLL to inject is C:\\7d7wfxi0\\dll\\sctTxzh.dll, loader C:\\7d7wfxi0\\bin\\kTLHFLzB.exe\n2026-06-29 06:56:25,350 [root] DEBUG: Loader: Injecting process 4160 with C:\\7d7wfxi0\\dll\\sctTxzh.dll.\n2026-06-29 06:56:25,366 [root] DEBUG: 4160: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-29 06:56:25,368 [root] DEBUG: 4160: Disabling sleep skipping.\n2026-06-29 06:56:25,370 [root] DEBUG: 4160: Dropped file limit defaulting to 100.\n2026-06-29 06:56:25,389 [root] DEBUG: 4160: Services hook set enabled\n2026-06-29 06:56:25,396 [root] DEBUG: 4160: YaraInit: Compiled rules loaded from existing file C:\\7d7wfxi0\\data\\yara\\capemon.yac\n2026-06-29 06:56:25,462 [root] DEBUG: 4160: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0\n2026-06-29 06:56:25,464 [root] DEBUG: 
4160: Monitor initialised: 64-bit capemon loaded in process 4160 at 0x00007FF986270000, thread 5276, image base 0x00007FF69D480000, stack from 0x000000B868474000-0x000000B868480000\n2026-06-29 06:56:25,464 [root] DEBUG: 4160: Commandline: C:\\Windows\\system32\\svchost.exe -k netsvcs -p\n2026-06-29 06:56:25,493 [root] DEBUG: 4160: Hooked 69 out of 69 functions\n2026-06-29 06:56:25,495 [root] INFO: Loaded monitor into process with pid 4160\n2026-06-29 06:56:25,496 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-06-29 06:56:25,497 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\sctTxzh.dll.\n2026-06-29 06:56:25,544 [lib.api.process] INFO: Injected into 64-bit <Process 4160 svchost.exe>\n2026-06-29 06:56:27,560 [root] DEBUG: 3712: DLL loaded at 0x721B0000: C:\\Windows\\system32\\wbem\\wbemprox (0xd000 bytes).\n2026-06-29 06:56:27,579 [root] DEBUG: 3712: DLL loaded at 0x72120000: C:\\Windows\\system32\\wbem\\wbemsvc (0x10000 bytes).\n2026-06-29 06:56:27,600 [root] DEBUG: 3712: DLL loaded at 0x72030000: C:\\Windows\\SYSTEM32\\amsi (0x12000 bytes).\n2026-06-29 06:56:27,621 [root] DEBUG: 3712: DLL loaded at 0x70F10000: C:\\Windows\\system32\\wbem\\wmiutils (0x1d000 bytes).\n2026-06-29 06:56:27,660 [root] DEBUG: 3712: DLL loaded at 0x73340000: C:\\Windows\\SYSTEM32\\USERENV (0x25000 bytes).\n2026-06-29 06:56:27,661 [root] DEBUG: 3712: DLL loaded at 0x73970000: C:\\Windows\\SYSTEM32\\ntmarta (0x29000 bytes).\n2026-06-29 06:56:27,663 [root] DEBUG: 3712: DLL loaded at 0x6F800000: C:\\Windows\\system32\\wbem\\esscli (0x60000 bytes).\n2026-06-29 06:56:27,664 [root] DEBUG: 3712: DLL loaded at 0x6F860000: C:\\Windows\\system32\\wbem\\stdprov (0x1e000 bytes).\n2026-06-29 06:57:49,272 [root] DEBUG: 3712: NtTerminateProcess hook: Attempting to dump process 3712\n2026-06-29 06:57:49,279 [root] DEBUG: 3712: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 06:57:49,284 [root] INFO: Process 
with pid 3712 has terminated\n2026-06-29 06:58:38,607 [root] DEBUG: 3412: NtTerminateProcess hook: Attempting to dump process 3412\n2026-06-29 06:58:38,615 [root] DEBUG: 3412: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 06:58:38,653 [root] INFO: Process with pid 3412 has terminated\n2026-06-29 06:59:28,221 [root] INFO: Analysis timeout hit, terminating analysis\n2026-06-29 06:59:28,225 [lib.api.process] INFO: Terminate event set for process 756\n2026-06-29 06:59:28,227 [root] DEBUG: 756: Terminate Event: Attempting to dump process 756\n2026-06-29 06:59:28,229 [root] DEBUG: 756: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 06:59:28,238 [lib.api.process] INFO: Termination confirmed for process 756\n2026-06-29 06:59:28,238 [root] INFO: Terminate event set for process 756\n2026-06-29 06:59:28,239 [lib.api.process] INFO: Terminate event set for process 4160\n2026-06-29 06:59:28,241 [root] DEBUG: 756: Terminate Event: monitor shutdown complete for process 756\n2026-06-29 06:59:28,243 [root] DEBUG: 4160: Terminate Event: Attempting to dump process 4160\n2026-06-29 06:59:28,245 [root] DEBUG: 4160: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 06:59:28,250 [lib.api.process] INFO: Termination confirmed for process 4160\n2026-06-29 06:59:28,251 [root] INFO: Terminate event set for process 4160\n2026-06-29 06:59:28,252 [root] DEBUG: 4160: Terminate Event: monitor shutdown complete for process 4160\n2026-06-29 06:59:28,252 [root] INFO: Created shutdown mutex\n2026-06-29 06:59:29,268 [root] INFO: Shutting down package\n2026-06-29 06:59:29,269 [root] INFO: Stopping auxiliary modules\n2026-06-29 06:59:29,272 [root] INFO: Stopping auxiliary module: Browser\n2026-06-29 06:59:29,272 [root] INFO: Stopping auxiliary module: Human\n2026-06-29 06:59:30,848 [root] INFO: Stopping auxiliary module: Screenshots\n2026-06-29 06:59:30,849 [root] INFO: Finishing auxiliary modules\n2026-06-29 
06:59:30,850 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-06-29 06:59:30,851 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1033\\help.html does not exist, skipping\n2026-06-29 06:59:30,852 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1046\\help.html does not exist, skipping\n2026-06-29 06:59:30,853 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1055\\help.html does not exist, skipping\n2026-06-29 06:59:30,854 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1040\\help.html does not exist, skipping\n2026-06-29 06:59:30,855 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\3082\\help.html does not exist, skipping\n2026-06-29 06:59:30,856 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1031\\help.html does not exist, skipping\n2026-06-29 06:59:30,856 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1041\\help.html does not exist, skipping\n2026-06-29 06:59:30,857 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\2052\\help.html does not exist, skipping\n2026-06-29 06:59:30,858 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1028\\help.html does not exist, skipping\n2026-06-29 06:59:30,858 [root] WARNING: File at path 
c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1029\\help.html does not exist, skipping\n2026-06-29 06:59:30,859 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1045\\help.html does not exist, skipping\n2026-06-29 06:59:30,859 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1042\\help.html does not exist, skipping\n2026-06-29 06:59:30,860 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1036\\help.html does not exist, skipping\n2026-06-29 06:59:30,861 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\helpfile\\1049\\help.html does not exist, skipping\n2026-06-29 06:59:30,861 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe does not exist, skipping\n2026-06-29 06:59:30,862 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.c2rsignaturereader.interop.dll does not exist, skipping\n2026-06-29 06:59:30,862 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.c2rsignaturereader.native.dll does not exist, skipping\n2026-06-29 06:59:30,863 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.identity.client.broker.dll does not exist, skipping\n2026-06-29 06:59:30,864 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.identity.client.dll does not exist, skipping\n2026-06-29 06:59:30,864 [root] 
WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.identity.client.extensions.msal.dll does not exist, skipping\n2026-06-29 06:59:30,865 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.identity.client.nativeinterop.dll does not exist, skipping\n2026-06-29 06:59:30,866 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.identitymodel.abstractions.dll does not exist, skipping\n2026-06-29 06:59:30,866 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.visualstudio.remotecontrol.dll does not exist, skipping\n2026-06-29 06:59:30,868 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.visualstudio.setup.common.dll does not exist, skipping\n2026-06-29 06:59:30,869 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.visualstudio.setup.dll does not exist, skipping\n2026-06-29 06:59:30,869 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.visualstudio.setup.download.dll does not exist, skipping\n2026-06-29 06:59:30,870 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.visualstudio.telemetry.dll does not exist, skipping\n2026-06-29 06:59:30,870 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\microsoft.visualstudio.utilities.internal.dll does not exist, skipping\n2026-06-29 06:59:30,871 [root] WARNING: File at path 
c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll does not exist, skipping\n2026-06-29 06:59:30,872 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll does not exist, skipping\n2026-06-29 06:59:30,873 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll does not exist, skipping\n2026-06-29 06:59:30,873 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\newtonsoft.json.dll does not exist, skipping\n2026-06-29 06:59:30,874 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\system.memory.dll does not exist, skipping\n2026-06-29 06:59:30,874 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\system.runtime.compilerservices.unsafe.dll does not exist, skipping\n2026-06-29 06:59:30,874 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vsinstallerelevationservice.contracts.dll does not exist, skipping\n2026-06-29 06:59:30,875 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-hant\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,875 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-br\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,876 [root] WARNING: File at path 
c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,877 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,877 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,878 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,878 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,879 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,880 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-hans\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,881 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,881 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,882 [root] WARNING: File at path 
c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,883 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll does not exist, skipping\n2026-06-29 06:59:30,883 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config does not exist, skipping\n2026-06-29 06:59:30,884 [root] WARNING: File at path c:\\users\\rajesh\\appdata\\local\\temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config does not exist, skipping\n2026-06-29 06:59:30,885 [root] WARNING: Folder at path \"C:\\UfGevMwj\\debugger\" does not exist, skipping\n2026-06-29 06:59:30,886 [root] WARNING: Folder at path \"C:\\UfGevMwj\\tlsdump\" does not exist, skipping\n2026-06-29 06:59:30,906 [root] WARNING: Monitor injection attempted but failed for process 3236\n2026-06-29 06:59:30,907 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "e2c55beb5459eb98468bd0e725964147b36d92642de7e2ac0199e783340a6e92",
    "hosts": [
      {
        "ip": "2.19.13.249",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "aka.ms",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "40.112.143.140",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "sendvsfeedback2.azurewebsites.net",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "13.107.5.93",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "default.exp-tas.com",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "184.25.193.167",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "aka.ms",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "173.194.76.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "40.126.31.131",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "108.177.15.139",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "108.177.15.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.206.84",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "66.102.1.138",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.206.138",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.133.95",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.150.119",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.168.139",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.168.100",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.206.101",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.71.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.16.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      }
    ],
    "domains": [
      {
        "domain": "aka.ms",
        "ip": "2.22.46.8"
      },
      {
        "domain": "default.exp-tas.com",
        "ip": "13.107.5.93"
      },
      {
        "domain": "sendvsfeedback2.azurewebsites.net",
        "ip": "40.112.143.140"
      }
    ],
    "tcp": [
      {
        "src": "192.168.122.139",
        "sport": 49696,
        "dst": "142.251.16.94",
        "dport": 443,
        "offset": 24,
        "time": 0.0
      },
      {
        "src": "192.168.122.139",
        "sport": 49697,
        "dst": "74.125.71.94",
        "dport": 443,
        "offset": 95,
        "time": 0.03197598457336426
      },
      {
        "src": "192.168.122.139",
        "sport": 49698,
        "dst": "74.125.206.101",
        "dport": 443,
        "offset": 306,
        "time": 1.6078760623931885
      },
      {
        "src": "192.168.122.139",
        "sport": 49681,
        "dst": "142.251.168.100",
        "dport": 443,
        "offset": 447,
        "time": 4.825283050537109
      },
      {
        "src": "192.168.122.139",
        "sport": 49754,
        "dst": "142.251.168.139",
        "dport": 443,
        "offset": 1118,
        "time": 4.875565052032471
      },
      {
        "src": "192.168.122.139",
        "sport": 49755,
        "dst": "142.251.16.94",
        "dport": 443,
        "offset": 10433,
        "time": 5.038203001022339
      },
      {
        "src": "192.168.122.139",
        "sport": 49679,
        "dst": "142.251.150.119",
        "dport": 443,
        "offset": 15300,
        "time": 6.968260049819946
      },
      {
        "src": "192.168.122.139",
        "sport": 49686,
        "dst": "74.125.133.95",
        "dport": 443,
        "offset": 28800,
        "time": 9.531783103942871
      },
      {
        "src": "192.168.122.139",
        "sport": 49687,
        "dst": "74.125.206.138",
        "dport": 443,
        "offset": 28941,
        "time": 9.825842142105103
      },
      {
        "src": "192.168.122.139",
        "sport": 49682,
        "dst": "66.102.1.138",
        "dport": 443,
        "offset": 29082,
        "time": 10.226542949676514
      },
      {
        "src": "192.168.122.139",
        "sport": 49680,
        "dst": "74.125.206.84",
        "dport": 443,
        "offset": 29223,
        "time": 17.05483603477478
      },
      {
        "src": "192.168.122.139",
        "sport": 49683,
        "dst": "108.177.15.94",
        "dport": 443,
        "offset": 29364,
        "time": 18.66752290725708
      },
      {
        "src": "192.168.122.139",
        "sport": 49688,
        "dst": "108.177.15.139",
        "dport": 443,
        "offset": 29717,
        "time": 22.149059057235718
      },
      {
        "src": "192.168.122.139",
        "sport": 49760,
        "dst": "40.126.31.131",
        "dport": 443,
        "offset": 30162,
        "time": 22.250957012176514
      },
      {
        "src": "192.168.122.139",
        "sport": 49693,
        "dst": "173.194.76.94",
        "dport": 443,
        "offset": 53236,
        "time": 27.11137890815735
      },
      {
        "src": "192.168.122.139",
        "sport": 49695,
        "dst": "108.177.15.139",
        "dport": 443,
        "offset": 195516,
        "time": 30.896445989608765
      },
      {
        "src": "192.168.122.139",
        "sport": 49765,
        "dst": "23.58.193.160",
        "dport": 443,
        "offset": 209203,
        "time": 33.79610013961792
      },
      {
        "src": "192.168.122.139",
        "sport": 49767,
        "dst": "40.70.147.9",
        "dport": 443,
        "offset": 225566,
        "time": 34.0426230430603
      },
      {
        "src": "192.168.122.139",
        "sport": 49769,
        "dst": "135.232.92.97",
        "dport": 443,
        "offset": 282907,
        "time": 35.247913122177124
      },
      {
        "src": "192.168.122.139",
        "sport": 49772,
        "dst": "20.165.94.63",
        "dport": 443,
        "offset": 292259,
        "time": 36.24717593193054
      },
      {
        "src": "192.168.122.139",
        "sport": 49774,
        "dst": "23.220.72.142",
        "dport": 80,
        "offset": 338792,
        "time": 95.03685593605042
      },
      {
        "src": "192.168.122.139",
        "sport": 49775,
        "dst": "184.25.193.167",
        "dport": 443,
        "offset": 341866,
        "time": 133.40377807617188
      },
      {
        "src": "192.168.122.139",
        "sport": 49777,
        "dst": "184.25.193.167",
        "dport": 443,
        "offset": 384655,
        "time": 133.87922501564026
      },
      {
        "src": "192.168.122.139",
        "sport": 49779,
        "dst": "184.25.193.167",
        "dport": 443,
        "offset": 53044676,
        "time": 140.94980907440186
      },
      {
        "src": "192.168.122.139",
        "sport": 49783,
        "dst": "96.17.207.138",
        "dport": 443,
        "offset": 53075685,
        "time": 148.85346698760986
      },
      {
        "src": "192.168.122.139",
        "sport": 49781,
        "dst": "13.107.5.93",
        "dport": 443,
        "offset": 53076289,
        "time": 148.8542001247406
      },
      {
        "src": "192.168.122.139",
        "sport": 49785,
        "dst": "23.58.193.160",
        "dport": 443,
        "offset": 53100180,
        "time": 151.746896982193
      },
      {
        "src": "192.168.122.139",
        "sport": 49787,
        "dst": "13.107.5.93",
        "dport": 443,
        "offset": 53122173,
        "time": 151.96185398101807
      },
      {
        "src": "192.168.122.139",
        "sport": 49789,
        "dst": "96.17.207.146",
        "dport": 443,
        "offset": 53154007,
        "time": 154.4031810760498
      },
      {
        "src": "192.168.122.139",
        "sport": 49791,
        "dst": "40.112.143.140",
        "dport": 443,
        "offset": 53181057,
        "time": 156.1053020954132
      },
      {
        "src": "192.168.122.139",
        "sport": 49792,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 53181736,
        "time": 156.17781901359558
      },
      {
        "src": "192.168.122.139",
        "sport": 49794,
        "dst": "23.58.193.160",
        "dport": 443,
        "offset": 71375913,
        "time": 158.79353404045105
      },
      {
        "src": "192.168.122.139",
        "sport": 49796,
        "dst": "96.17.207.151",
        "dport": 443,
        "offset": 71387238,
        "time": 158.91101598739624
      },
      {
        "src": "192.168.122.139",
        "sport": 49797,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 71397589,
        "time": 164.67504596710205
      },
      {
        "src": "192.168.122.139",
        "sport": 49798,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 71494183,
        "time": 164.76948404312134
      },
      {
        "src": "192.168.122.139",
        "sport": 49799,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 71557542,
        "time": 164.9539680480957
      },
      {
        "src": "192.168.122.139",
        "sport": 49800,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 71584599,
        "time": 165.08739590644836
      },
      {
        "src": "192.168.122.139",
        "sport": 49801,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 71714800,
        "time": 165.2684350013733
      },
      {
        "src": "192.168.122.139",
        "sport": 49802,
        "dst": "2.19.13.249",
        "dport": 443,
        "offset": 71838064,
        "time": 165.4348669052124
      }
    ],
    "udp": [
      {
        "src": "192.168.122.139",
        "sport": 5353,
        "dst": "224.0.0.251",
        "dport": 5353,
        "offset": 1705,
        "time": 4.880162954330444
      },
      {
        "src": "192.168.122.139",
        "sport": 51083,
        "dst": "224.0.0.252",
        "dport": 5355,
        "offset": 7153,
        "time": 4.889066934585571
      },
      {
        "src": "192.168.122.139",
        "sport": 54256,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 14963,
        "time": 5.805599927902222
      },
      {
        "src": "192.168.122.139",
        "sport": 60818,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 15199,
        "time": 6.925597906112671
      },
      {
        "src": "192.168.122.139",
        "sport": 55858,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53377,
        "time": 27.675498962402344
      },
      {
        "src": "192.168.122.139",
        "sport": 59714,
        "dst": "224.0.0.252",
        "dport": 5355,
        "offset": 53566,
        "time": 27.687227964401245
      },
      {
        "src": "192.168.122.139",
        "sport": 59715,
        "dst": "239.255.255.250",
        "dport": 1900,
        "offset": 195284,
        "time": 30.7307391166687
      },
      {
        "src": "192.168.122.139",
        "sport": 56207,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 195959,
        "time": 31.856317043304443
      },
      {
        "src": "192.168.122.139",
        "sport": 53337,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 208690,
        "time": 33.737447023391724
      },
      {
        "src": "192.168.122.139",
        "sport": 49581,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 216194,
        "time": 33.80735802650452
      },
      {
        "src": "192.168.122.139",
        "sport": 51983,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 223687,
        "time": 33.87575912475586
      },
      {
        "src": "192.168.122.139",
        "sport": 61501,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 232492,
        "time": 34.194499015808105
      },
      {
        "src": "192.168.122.139",
        "sport": 58545,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 281834,
        "time": 35.03939700126648
      },
      {
        "src": "192.168.122.139",
        "sport": 56063,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 282346,
        "time": 35.159477949142456
      },
      {
        "src": "192.168.122.139",
        "sport": 58010,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 286866,
        "time": 35.523361921310425
      },
      {
        "src": "192.168.122.139",
        "sport": 59481,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 336163,
        "time": 82.9373390674591
      },
      {
        "src": "192.168.122.139",
        "sport": 49802,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 341452,
        "time": 133.3745400905609
      },
      {
        "src": "192.168.122.139",
        "sport": 57842,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 350654,
        "time": 133.49107909202576
      },
      {
        "src": "192.168.122.139",
        "sport": 60484,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53040496,
        "time": 135.5445909500122
      },
      {
        "src": "192.168.122.139",
        "sport": 55229,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53071950,
        "time": 148.80515694618225
      },
      {
        "src": "192.168.122.139",
        "sport": 57072,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53072061,
        "time": 148.8124749660492
      },
      {
        "src": "192.168.122.139",
        "sport": 60423,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53074781,
        "time": 148.84200191497803
      },
      {
        "src": "192.168.122.139",
        "sport": 60424,
        "dst": "239.255.255.250",
        "dport": 1900,
        "offset": 53098747,
        "time": 150.74155807495117
      },
      {
        "src": "192.168.122.139",
        "sport": 50327,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53131929,
        "time": 152.19972491264343
      },
      {
        "src": "192.168.122.139",
        "sport": 59600,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53153396,
        "time": 154.36391592025757
      },
      {
        "src": "192.168.122.139",
        "sport": 54576,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53180474,
        "time": 155.88472199440002
      },
      {
        "src": "192.168.122.139",
        "sport": 63449,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 53181322,
        "time": 156.16918110847473
      },
      {
        "src": "192.168.122.139",
        "sport": 64409,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 71386608,
        "time": 158.85408806800842
      }
    ],
    "icmp": [],
    "http": [],
    "dns": [
      {
        "request": "aka.ms",
        "type": "A",
        "answers": [
          {
            "type": "A",
            "data": "184.25.193.167"
          },
          {
            "type": "A",
            "data": "2.19.13.249"
          }
        ],
        "first_seen": 1782741482.707107
      },
      {
        "request": "default.exp-tas.com",
        "type": "A",
        "answers": [
          {
            "type": "A",
            "data": "13.107.5.93"
          },
          {
            "type": "CNAME",
            "data": "deault-exp-tas-com.e-0014.e-msedge.net"
          },
          {
            "type": "CNAME",
            "data": "e-0014.e-msedge.net"
          }
        ],
        "first_seen": 1782741498.174569
      },
      {
        "request": "sendvsfeedback2.azurewebsites.net",
        "type": "A",
        "answers": [
          {
            "type": "A",
            "data": "40.112.143.140"
          },
          {
            "type": "CNAME",
            "data": "waws-prod-bay-045.westus.cloudapp.azure.com"
          },
          {
            "type": "CNAME",
            "data": "waws-prod-bay-045.sip.azurewebsites.windows.net"
          }
        ],
        "first_seen": 1782741505.217289
      }
    ],
    "smtp": [],
    "irc": [],
    "dead_hosts": []
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "stealth_network",
      "description": "Network activity detected but not expressed in monitor API logs",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "ip": "2.19.13.249"
        },
        {
          "ip": "40.112.143.140"
        },
        {
          "ip": "13.107.5.93"
        },
        {
          "ip": "184.25.193.167"
        },
        {
          "ip": "173.194.76.94"
        },
        {
          "ip": "40.126.31.131"
        },
        {
          "ip": "108.177.15.139"
        },
        {
          "ip": "108.177.15.94"
        },
        {
          "ip": "74.125.206.84"
        },
        {
          "ip": "66.102.1.138"
        },
        {
          "ip": "74.125.206.138"
        },
        {
          "ip": "74.125.133.95"
        },
        {
          "ip": "142.251.150.119"
        },
        {
          "ip": "142.251.168.139"
        },
        {
          "ip": "142.251.168.100"
        },
        {
          "ip": "74.125.206.101"
        },
        {
          "ip": "74.125.71.94"
        },
        {
          "ip": "142.251.16.94"
        },
        {
          "domain": "aka.ms"
        },
        {
          "domain": "default.exp-tas.com"
        },
        {
          "domain": "sendvsfeedback2.azurewebsites.net"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_computer_name",
      "description": "Queries computer hostname",
      "categories": [
        "system_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 106
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_keyboard_layout",
      "description": "Queries the keyboard layout",
      "categories": [
        "location_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 308
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 360
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 397
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 498
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8816
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8822
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8834
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8846
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 229
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 508
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 692
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 757
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 828
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 831
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 834
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 837
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 861
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 892
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 924
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 952
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 983
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1011
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1035
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1060
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1089
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1121
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1162
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1179
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1203
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1207
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1220
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1224
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1239
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1243
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1254
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1258
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1271
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1275
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1304
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1310
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1367
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1385
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1435
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1454
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1507
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1553
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1566
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1644
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1682
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1686
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1730
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1781
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1817
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1832
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1873
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1913
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1933
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1947
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1967
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1981
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1998
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2011
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2030
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2047
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2065
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2085
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2101
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2110
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2126
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2189
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 2316
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3509
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3530
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3551
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 4014
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 4728
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 4893
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 6322
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 7094
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 7096
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 7237
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8444
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8821
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "static_pe_pdbpath",
      "description": "The PE file contains a PDB path",
      "categories": [
        "static"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 80,
      "references": [
        "https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html"
      ],
      "data": [
        {
          "pdbpath": "D:\\a\\_work\\1\\s\\bin\\BoxStub\\Release\\Win32\\boxstub.pdb"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 55
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "stealth_timeout",
      "description": "Possible date expiration check, exits too soon after checking local time",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "process": "vs_Community_1_.exe, PID 3412"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 9146
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "anomalous_deletefile",
      "description": "Anomalous file deletion behavior detected (10+)",
      "categories": [
        "malware"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8927
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8928
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8929
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8930
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8931
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8932
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8933
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8934
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8935
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8936
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8937
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8938
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8939
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\help.html"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8940
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8941
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Interop.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8942
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.C2RSignatureReader.Native.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8943
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Broker.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8944
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8945
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.Extensions.Msal.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8946
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.Identity.Client.NativeInterop.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8947
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.IdentityModel.Abstractions.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8948
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.RemoteControl.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8949
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Common.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8950
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8951
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Setup.Download.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8952
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Telemetry.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8953
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Microsoft.VisualStudio.Utilities.Internal.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8954
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\msalruntime.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8955
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\msalruntime_arm64.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8956
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\msalruntime_x86.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8957
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\Newtonsoft.Json.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8958
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Memory.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8959
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\System.Runtime.CompilerServices.Unsafe.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8960
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\VSInstallerElevationService.Contracts.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8961
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8962
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8963
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8964
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8965
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8966
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8967
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8968
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8969
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8970
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8971
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8972
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8973
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\vs_setup_bootstrapper.resources.dll"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8974
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.config"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8975
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.exe.config"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8976
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\detection.json"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8977
        },
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\vs_setup_bootstrapper.json"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8978
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "privilege_elevation_check",
      "description": "Queries process token information to check for Administrator privileges or UAC elevation status",
      "categories": [
        "discovery",
        "privilege_escalation"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 2321
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3491
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3868
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 4118
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 4822
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 7098
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 7843
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8247
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8304
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8311
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mountpoints_volume_discovery",
      "description": "Queries the mount points and then resolves volume paths to enumerate storage devices",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 3614
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3621
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3632
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3698
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3702
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3709
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3713
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3720
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3730
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 3735
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 7053
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8322
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "resumethread_remote_process",
      "description": "Resumed a thread in another process",
      "categories": [
        "injection",
        "unpacking"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "thread_resumed": "Process vs_community_1_.exe with process ID 3412 resumed a thread in another process with the process ID 3236"
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8745
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "reads_self",
      "description": "Reads data out of its own binary image",
      "categories": [
        "generic"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x3030785c3030785c, length: 0x00069038"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x3039785c3461785c, length: 0x00000020"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x30785c303131785c, length: 0x00100000"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x31785c303131785c, length: 0x00100000"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x5c3030785c423a7e, length: 0x0000141f"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x6165785c3266785c, length: 0x0000053d"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x785c26303131785c, length: 0x00100000"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x785c36303131785c, length: 0x000ba9ba"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x785c424e6439785c, length: 0x00011850"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x785c433066785c2f, length: 0x00000025"
        },
        {
          "self_read": "process: vs_Community_1_.exe, pid: 3412, offset: 0x785c43666465785c, length: 0x00008405"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "packer_unknown_pe_section_name",
      "description": "The binary contains an unknown PE section name indicative of packing",
      "categories": [
        "packer"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "unknown section": {
            "name": ".didat",
            "raw_address": "0x0003a400",
            "virtual_address": "0x0003d000",
            "virtual_size": "0x0000002c",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.45"
          }
        },
        {
          "unknown section": {
            "name": ".boxld01",
            "raw_address": "0x0003a600",
            "virtual_address": "0x0003e000",
            "virtual_size": "0x000000b8",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "1.67"
          }
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "contains_pe_overlay",
      "description": "The PE file contains an overlay",
      "categories": [
        "static"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "overlay": "Contains overlay at offset 0x00069000 with size: 4032432 bytes"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "discover_registry_mount_points",
      "description": "Queries registry mount points to identify historical or connected removable/network drives",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "hardware_id_profiling",
      "description": "Queries the Volume Serial Number or Physical Hardware ID, possibly for anti-sandbox, victim profiling or environmental keying",
      "categories": [
        "evasion",
        "recon",
        "anti-sandbox"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 8699
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8704
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 8709
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "infostealer_cookies",
      "description": "Touches a file containing cookies, possibly for information gathering",
      "categories": [
        "infostealer"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [],
      "new_data": [
        {
          "process": {
            "process_name": "vs_Community_1_.exe",
            "process_id": 3412
          },
          "signs": [
            {
              "type": "file",
              "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
            }
          ]
        }
      ],
      "alert": false,
      "families": []
    },
    {
      "name": "mass_file_modification_access",
      "description": "Opens a large number of files requesting WRITE or DELETE access, indicative of ransomware/wipers",
      "categories": [
        "ransomware",
        "wiper"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 862
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 876
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 893
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 907
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 921
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 938
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 953
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 969
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 984
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 998
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1015
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1029
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1044
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1061
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 1090
        },
        {
          "total_existing_files_opened_for_modification": 52
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "ransomware_attribute_stripping",
      "description": "Strips file attributes to bypass read-only restrictions on a large number of files, possibly prior to ransomware/wiper destruction",
      "categories": [
        "ransomware",
        "wiper"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3412,
          "cid": 863
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 877
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 894
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 908
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 922
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 939
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 954
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 970
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 985
        },
        {
          "type": "call",
          "pid": 3412,
          "cid": 999
        },
        {
          "total_files_stripped": 52
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "folder_enumeration",
      "description": "Systematically searches multiple user directories using wildcards, common in ransomware/wipers/infostealers but also seen when an installer walks its own extraction directory",
      "categories": [
        "ransomware",
        "wiper",
        "infostealer",
        "discovery"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 70,
      "references": [],
      "data": [
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1046\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\3082\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ja\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ko\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1033\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1029\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\de\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\native\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\cs\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1042\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\2052\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\native\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1028\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x64\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pt-BR\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\ru\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-x86\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1031\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1055\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\runtimes\\win-arm64\\native\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1040\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hans\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\fr\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\es\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1045\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\it\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1036\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\pl\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1049\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\tr\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\zh-Hant\\*.*"
        },
        {
          "target_folder": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\051775d19defbd24b8dc82ad282a\\vs_bootstrapper_d15\\HelpFile\\1041\\*.*"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 9.0,
  "ttps": [
    {
      "signature": "anomalous_deletefile",
      "ttps": [
        "T1485"
      ],
      "mbcs": [
        "OB0008",
        "E1485",
        "OC0001",
        "C0047"
      ]
    },
    {
      "signature": "hardware_id_profiling",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "E1082",
        "E1480.001"
      ]
    },
    {
      "signature": "privilege_elevation_check",
      "ttps": [
        "T1033",
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "mountpoints_volume_discovery",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "infostealer_cookies",
      "ttps": [
        "T1539"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "resumethread_remote_process",
      "ttps": [
        "T1055"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "mass_file_modification_access",
      "ttps": [
        "T1486",
        "T1485"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "ransomware_attribute_stripping",
      "ttps": [
        "T1486"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "packer_unknown_pe_section_name",
      "ttps": [
        "T1027.002",
        "T1027"
      ],
      "mbcs": [
        "OB0001",
        "OB0002",
        "OB0006",
        "F0001"
      ]
    },
    {
      "signature": "contains_pe_overlay",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "static_pe_pdbpath",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "folder_enumeration",
      "ttps": [
        "T1083"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "discover_registry_mount_points",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    }
  ],
  "malstatus": "Malicious"
}